PCNSE Exam QuestionsBrowse all questions from this exam

PCNSE Exam - Question 48

Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?

Deny application facebook-chat before allowing application facebook

Deny application facebook on top

Allow application facebook on top

Allow application facebook before denying application facebook-chat

Show Answer

Correct Answer: A

To block Facebook chat while allowing Facebook in general, the security policy must be set to deny the 'facebook-chat' application before allowing the 'facebook' application. If the rule to deny 'facebook-chat' is placed before the rule allowing 'facebook', the specific chat functionality will be blocked first, and then general Facebook access will be permitted. By setting the policies in this order, the firewall processes the deny rule for Facebook chat first, effectively blocking it, and then processes the allow rule for Facebook, permitting access to the rest of Facebook's functionality.

Discussion

13 comments

rajputparveenOption: A

Jun 23, 2020

A correct

NNgiggsOption: A

Dec 10, 2021

Allowing Facebook will allow all its dependents including Facebook chat. therefore, you will need to block Facebook chat before the allow Facebook below it. A is the correct answer.

aatechlerOption: A

Jan 15, 2023

A >>>>Just tested on my LAB. Deny Face chat Allow Facebook and DNS

Pag0sOption: A

Feb 9, 2021

A is correct

zjam

Jul 17, 2021

correct

Kane002Option: C

Nov 17, 2021

C. facebook-chat is dependent on facebook, and must be explicitly allowed. Therefore, permit facebook only, and facebook-chat will fall to the interzone default of deny.

Breyarg

Dec 15, 2021

if you allow facebook as a parent app then it will allow all sub apps incliding facebook chat. your answer and logic is incorrect. correct answer is A. you Deny the facebok chat, then allow all of facebook after.

UFanatOption: A

Jun 21, 2022

A is correct

JMIBOption: A

Aug 8, 2022

A is correct

PANWOption: D

Jan 1, 2023

The answer is D: PANW firewalls do application shifting so it can transition from Facebook-base to facebook-chat and allow everything facebook accept chat I tried it in my lab with rule order as in answer D: and everything works accept Facebook messenger I disabled the deny rule and messenger started working again Proof is in the pudding

sujss

Jan 14, 2023

But the answer D doesn't really mean allowing everything except chat, it simply says allow FB before denying chat( as far as I understand), meaning 2 separate rules.So if the traffic matches a certain rule the firwall will stop processing the traffic further so would it be able to identify facebook chat when the application shifts. I might be incorrect please help to clarify this. ( the answers might not have been properly worded here adding to the confusion).

SpippoloOption: A

Feb 17, 2023

A is correct

yazid0016Option: A

Dec 17, 2022

A is correct

MarshpillowzOption: A

Jan 23, 2024

A is the correct answer

bing2021Option: A

Jul 5, 2024

before allow fb base