Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Go to Exam

Question 48

Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?

Deny application facebook-chat before allowing application facebook

Deny application facebook on top

Allow application facebook on top

Allow application facebook before denying application facebook-chat

Correct Answer: A

To block Facebook chat while allowing Facebook in general, the security policy must be set to deny the 'facebook-chat' application before allowing the 'facebook' application. If the rule to deny 'facebook-chat' is placed before the rule allowing 'facebook', the specific chat functionality will be blocked first, and then general Facebook access will be permitted. By setting the policies in this order, the firewall processes the deny rule for Facebook chat first, effectively blocking it, and then processes the allow rule for Facebook, permitting access to the rest of Facebook's functionality.

Discussion

rajputparveenOption: A

A correct

NNgiggsOption: A

Allowing Facebook will allow all its dependents including Facebook chat. therefore, you will need to block Facebook chat before the allow Facebook below it. A is the correct answer.

aatechlerOption: A

A >>>>Just tested on my LAB. Deny Face chat Allow Facebook and DNS

Pag0sOption: A

A is correct

SpippoloOption: A

A is correct

PANWOption: D

The answer is D: PANW firewalls do application shifting so it can transition from Facebook-base to facebook-chat and allow everything facebook accept chat I tried it in my lab with rule order as in answer D: and everything works accept Facebook messenger I disabled the deny rule and messenger started working again Proof is in the pudding

sujss

But the answer D doesn't really mean allowing everything except chat, it simply says allow FB before denying chat( as far as I understand), meaning 2 separate rules.So if the traffic matches a certain rule the firwall will stop processing the traffic further so would it be able to identify facebook chat when the application shifts. I might be incorrect please help to clarify this. ( the answers might not have been properly worded here adding to the confusion).

JMIBOption: A

A is correct

UFanatOption: A

A is correct

Kane002Option: C

C. facebook-chat is dependent on facebook, and must be explicitly allowed. Therefore, permit facebook only, and facebook-chat will fall to the interzone default of deny.

Breyarg

if you allow facebook as a parent app then it will allow all sub apps incliding facebook chat. your answer and logic is incorrect. correct answer is A. you Deny the facebok chat, then allow all of facebook after.

zjam

correct

bing2021Option: A

before allow fb base

MarshpillowzOption: A

A is the correct answer

yazid0016Option: A

A is correct