Exhibit
admin@PA-500> show log traffic | match allow | head -10 1: 2019-05-15 10:00:00, allow, trust, untrust, 10.10.1.10, 8.8.8.8, web-browsing, http, rule1, ... 2: 2019-05-15 10:00:01, allow, trust, untrust, 10.10.1.11, 8.8.8.8, web-browsing, http, rule1, ... 3: 2019-05-15 10:00:02, deny, trust, untrust, 10.10.1.12, 8.8.8.8, web-browsing, http, rule2, ... 4: 2019-05-15 10:00:03, allow, dmz, untrust, 10.20.1.1, 8.8.8.8, web-browsing, http, rule3, ...
- A
Add 10.10.1.12 to rule1's source address.
Why wrong: Adding the specific IP to rule1 might be too narrow and could complicate the rule's intent.
- B
Change rule2 to allow.
Why wrong: Changing rule2 to allow would permit all traffic matched by rule2, which may include unwanted traffic.
- C
Create a new rule above rule2 that allows the specific traffic with appropriate security profiles.
This targets only the denied traffic while maintaining security profiles.
- D
Move rule2 above rule1.
Why wrong: Moving rule2 above rule1 would cause it to be evaluated first, potentially denying traffic that rule1 would have allowed.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.