Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping. What is the quickest way to reset the hit counter to zero in all the security policy rules?

Use the Reset Rule Hit Counter > All Rules option

At the CLI enter the command reset rules and press Enter

Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule

How do you reset the hit count on a Security policy rule?

Select a Security policy rule, and then select Hit Count > Reset.

First disable and then re-enable the rule.

Type the CLI command reset hit count.

Which three statements describe the operation of Security policy rules and Security Profiles? (Choose three.)

Security Profiles are attached to Security policy rules.

Security Profiles should be used only on allowed traffic.

Security policy rules can block or allow traffic.

Security policy rules are attached to Security Profiles.

Security policy rules inspect but do not block traffic.

When you have created a Security Policy Rule that allows Facebook, what must you do to block all other web browsing traffic?

Nothing. You can depend on PANOS to block the web-browsing traffic that is not needed for Facebook use.

Create an additional rule that blocks all other traffic.

When creating the policy, ensure that web-browsing is included in the same rule.

Ensure that the Service column is defined as "application-default" for this Security policy. Doing this will automatically include the implicit web-browsing application dependency.

A Security policy rule is configured with a Vulnerability Protection Profile and an action of "Deny". Which action will this cause configuration on the matched traffic?

The configuration is valid. It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to “Deny”.

The configuration is invalid. The Profile Settings section will be grayed out when the Action is set to “Deny”.

The configuration will allow the matched session unless a vulnerability signature is detected. The “Deny” action will supersede the per-severity defined actions defined in the associated Vulnerability Protection Profile.

The configuration is invalid. It will cause the firewall to skip this Security policy rule. A warning will be displayed during a commit.

What are the differences between using a service versus using an application for Security Policy match?

Use of a “service” enables the firewall to take immediate action with the first observed packet based on port numbers. Use of an “application” allows the firewall to take action after enough packets allow for App-ID identification regardless of the ports being used.

Use of a “service” enables the firewall to take immediate action with the first observed packet based on port numbers. Use of an “application” allows the firewall to take immediate action if the port being used is a member of the application standard port list.

There are no differences between “service” or “application”. Use of an “application” simplifies configuration by allowing use of a friendly application name instead of port numbers.

Use of a “service” enables the firewall to take action after enough packets allow for App-ID identification.

Lab Exercises Security Policy Rule

Authored by Steve Brusas

Professional Development

1st - 3rd Grade

Used 40+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

15 questions

Show all answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Refer to the image. A web server in the DMZ is being mapped to a public address through DNAT.
Which Security policy rule will allow traffic to flow to the web server?

Untrust (any) to Untrust (10.1.1.100), web browsing – Allow

Untrust (any) to Untrust (1.1.1.100), web browsing – Allow

Untrust (any) to DMZ (1.1.1.100), web browsing – Allow

Untrust (any) to DMZ (10.1.1.100), web browsing – Allow

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule. Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web-browsing traffic to this server on tcp/443?

Rule #1: application: web-browsing; service: application-default; action: allow Rule #2: application: ssl; service: application-default; action: allow

Rule #1: application: web-browsing; service: service-http; action: allow Rule #2: application: ssl; service: application-default; action: allow

Rule # 1: application: ssl; service: application-default; action: allow Rule #2: application: web-browsing; service: application-default; action: allow

Rule #1: application: web-browsing; service: service-https; action: allow Rule #2: application: ssl; service: application-default; action: allow

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Which Security policy rule will allow an admin to block facebook-chat but allow Facebook in general?

Deny application facebook-chat and facebook-mail before allowing application facebook-base

Deny application facebook-base on top

Allow application facebook-base on top

Allow application facebook-base before denying application facebook-chat and facebook-mail

Answer explanation

Failed to Block Facebook Chat Consistently - Knowledge Base - Palo Alto Networks

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?

global

intrazone

interzone

universal

Answer explanation

What are Universal, Intrazone and Interzone Rules? - Knowledge Base - Palo Alto Networks

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Based on the security policy rules shown, ssh will be allowed on which port?

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Which type of Security policy rule would match traffic flowing between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

global

intrazone

interzone

universal

Answer explanation

What are Universal, Intrazone and Interzone Rules? - Knowledge Base - Palo Alto Networks

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Which path in PAN-OS 9.0 displays the list of port-based security policy rules?

Policies> Security> Policy Optimizer> No App Specified

Policies> Security> Policy Optimizer> Port only specified

Policies> Security> Policy Optimizer> Port-based Rules

Policies> Security> Policy Optimizer> Unused Apps

Answer explanation

Migrate Port-Based to App-ID Based Security Policy Rules (paloaltonetworks.com )

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

10 questions

Cover Letters

Quiz

•

KG - University

20 questions

Emails

Quiz

•

1st Grade

15 questions

O5A Level 3 Day 2

Quiz

•

1st - 3rd Grade

15 questions

ABP

Quiz

•

KG - Professional Dev...

15 questions

LEA 1 QUIZ

Quiz

•

1st Grade

10 questions

Browsing

Quiz

•

1st Grade

10 questions

Mrs. Riel's Class

Quiz

•

KG - Professional Dev...

10 questions

Pengenalan kepada Google Classroom

Quiz

•

KG - Professional Dev...

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Professional Development

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

18 questions

Comparing Fractions with same numerator or denominator

Quiz

•

3rd Grade

15 questions

Valentines Day Trivia

Quiz

•

3rd Grade

12 questions

Presidents' Day

Quiz

•

KG - 5th Grade

10 questions

History and Traditions of Valentine's Day

Interactive video

•

3rd - 6th Grade

Lab Exercises Security Policy Rule

Refer to the image. A web server in the DMZ is being mapped to a public address through DNAT.
Which Security policy rule will allow traffic to flow to the web server?

Which Security policy rule will allow an admin to block facebook-chat but allow Facebook in general?

Failed to Block Facebook Chat Consistently - Knowledge Base - Palo Alto Networks

Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?

What are Universal, Intrazone and Interzone Rules? - Knowledge Base - Palo Alto Networks

Based on the security policy rules shown, ssh will be allowed on which port?

Which type of Security policy rule would match traffic flowing between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

What are Universal, Intrazone and Interzone Rules? - Knowledge Base - Palo Alto Networks

Which path in PAN-OS 9.0 displays the list of port-based security policy rules?

Migrate Port-Based to App-ID Based Security Policy Rules (paloaltonetworks.com )

Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping. What is the quickest way to reset the hit counter to zero in all the security policy rules?

Creating and Managing Policies (paloaltonetworks.com )

How do you reset the hit count on a Security policy rule?

Creating and Managing Policies (paloaltonetworks.com )

Which type of profile must be applied to the Security policy rule to protect against buffer overflows, illegal code execution, and other attempts to exploit system flaws?

Objects > Security Profiles > Vulnerability Protection (paloaltonetworks.com )

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

Lab Exercises Security Policy Rule

Refer to the image. A web server in the DMZ is being mapped to a public address through DNAT.Which Security policy rule will allow traffic to flow to the web server?

Which Security policy rule will allow an admin to block facebook-chat but allow Facebook in general?

Failed to Block Facebook Chat Consistently - Knowledge Base - Palo Alto Networks

Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?

What are Universal, Intrazone and Interzone Rules? - Knowledge Base - Palo Alto Networks

Based on the security policy rules shown, ssh will be allowed on which port?

Which type of Security policy rule would match traffic flowing between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

What are Universal, Intrazone and Interzone Rules? - Knowledge Base - Palo Alto Networks

Which path in PAN-OS 9.0 displays the list of port-based security policy rules?

Migrate Port-Based to App-ID Based Security Policy Rules (paloaltonetworks.com)

Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping. What is the quickest way to reset the hit counter to zero in all the security policy rules?

Creating and Managing Policies (paloaltonetworks.com)

How do you reset the hit count on a Security policy rule?

Creating and Managing Policies (paloaltonetworks.com)

Which type of profile must be applied to the Security policy rule to protect against buffer overflows, illegal code execution, and other attempts to exploit system flaws?

Objects > Security Profiles > Vulnerability Protection (paloaltonetworks.com)

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

Refer to the image. A web server in the DMZ is being mapped to a public address through DNAT.
Which Security policy rule will allow traffic to flow to the web server?

Migrate Port-Based to App-ID Based Security Policy Rules (paloaltonetworks.com )

Creating and Managing Policies (paloaltonetworks.com )

Creating and Managing Policies (paloaltonetworks.com )

Objects > Security Profiles > Vulnerability Protection (paloaltonetworks.com )