The correct answer is B & C.
Here's why:
B. When a policy change includes changing the policy's source or destination address match condition, all existing sessions are dropped.
Correct – Changing the source or destination address affects how traffic is matched, so all existing sessions are dropped because they may no longer match the modified policy.
C. When a policy change includes changing the policy's action from permit to deny, all existing sessions are dropped.
Correct – If a policy action is changed from permit to deny, the existing sessions are immediately dropped because they are no longer allowed under the new rule.
Why D is incorrect:
D states that sessions are "reevaluated" when source or destination addresses are changed.
However, in most firewalls with a policy rematch feature, such changes result in sessions being dropped, not just reevaluated. The system does not keep the session and just check it again—it removes it because the session may no longer be valid.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Nikhil541993
1 week, 5 days ago