An administrator would like to apply a more restrictive Security profile to traffic for file sharing applications. The administrator does not want to update the Security policy or object when new applications are released.
Which object should the administrator use as a match condition in the Security policy?
The administrator should use an application filter for applications whose subcategory is file-sharing. This allows the security policy to automatically cover new file-sharing applications as they are identified, without needing to manually update the policy or objects. Application filters dynamically match all applications that meet the defined criteria, ensuring that any traffic related to new file-sharing applications is automatically covered by the restrictive Security profile.
When new app-IDs come out, the filter will be updated and that is not what admin wants.
I would argue that the answer is D for app filters because using App groups would mean that the Admin would have to manually update the security policy and objects when new applications are released. The App filters does this automatically on the back end so the admin does not have to manually update the rule.
Answer seems to be D. The Administrator does not want to manually update the policy when the new new applications are released. So App filter is required to get it auto updated. The issue is question is not clear. It can be interpreted as you did and marked as C too.
Answer seems to be D. The Administrator does not want to manually update the policy when the new new applications are released. So App filter is required to get it auto updated. The issue is question is not clear. It can be interpreted as you did and marked as C too.
D is correct
If C option is used, then the administrator has to update the group everytime a new app is added in new app updates.
Answer D. The Administrator does not want to manually update the policy when the new applications are released.
D. The only way the Admin will not have to update any Security policies or objects when the App ID is updated is if a Filter is used. Has to be D.
Rolling with D. App filters update the security rules so you don't have to do so manually when new apps are released. There will probably be new file sharing apps released onto the web on a monthly basis, filtering for the file sharing app filter object is the easiest way to stay updated without manually expanding the matching object condition on the security rule.