ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which statement is true about Panorama managed devices?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)

Question 349 - PCNSA discussion

Report
Export

What Policy Optimizer policy view differ from the Security policy do?

A.
It shows rules that are missing Security profile configurations.
Answers
A.
It shows rules that are missing Security profile configurations.
B.
It indicates rules with App-ID that are not configured as port-based.
Answers
B.
It indicates rules with App-ID that are not configured as port-based.
C.
It shows rules with the same Source Zones and Destination Zones.
Answers
C.
It shows rules with the same Source Zones and Destination Zones.
D.
It indicates that a broader rule matching the criteria is configured above a more specific rule.
Answers
D.
It indicates that a broader rule matching the criteria is configured above a more specific rule.
Suggested answer: B

Explanation:

Policy Optimizer policy view differs from the Security policy view in several ways. One of them is that it indicates rules with App-ID that are not configured as port-based. These are rules that have the application set to ''any'' instead of a specific application or group of applications. These rules are overly permissive and can introduce security gaps, as they allow any application traffic on the specified ports.Policy Optimizer helps you convert these rules to application-based rules that follow the principle of least privilege access12.You can use Policy Optimizer to discover and convert port-based rules to application-based rules, and also to remove unused applications, eliminate unused rules, and discover new applications that match your policy criteria3.Reference:

Policy Optimizer Best Practices - Palo Alto Networks

Manage: Policy Optimizer - Palo Alto Networks | TechDocs

Why use Security Policy Optimizer and what are the benefits?

Show Answer
asked 23/09/2024
Geoffrey Vd Molen
41 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms