How can an administrator configure the firewall to automatically quarantine a device using GlobalProtect?
A.
by adding the device's Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined device
B.
by exporting the list of quarantined devices to a pdf or csv file by selecting PDF/CSV at the bottom of the Device Quarantine page and leveraging the appropriate XSOAR playbook
C.
by using security policies, log forwarding profiles, and log settings
D.
there is no native auto-quarantine feature so a custom script would need to be leveraged
confirm c
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-new-features/globalprotect-features/identification-and-quarantine-of-compromised-devices.html
After you identify a device as compromised (for example, if a device has been infected with malware and is performing command and control actions), you can manually add the device’s Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined device. You can also automatically quarantine the device using security policies, log forwarding profiles, and log settings.
The answer is A, not sure why people are saying C with the same link.
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-new-features/globalprotect-features/identification-and-quarantine-of-compromised-devices
The correct answer is C.
In your link say "you can manually add the device’s Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined device. You can also automatically quarantine the device using security policies, log forwarding profiles, and log settings."
HOST ID for manually and security policies, log forwarding profiles, and log settings for automatically.
C
https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/host-information/quarantine-devices-using-host-information/automatically-quarantine-a-device
Answer is C. Read the wording of the question and then find the answer here:
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-new-features/globalprotect-features/identification-and-quarantine-of-compromised-devices.html
After you identify a device as compromised (for example, if a device has been infected with malware and is performing command and control actions), you can manually add the device’s Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined device. You can also automatically quarantine the device using security policies, log forwarding profiles, and log settings.
Both A and C kinda work.
Hi Team, the answer is A based on the KB below it even tells you that:
'you can manually add the device’s Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined device'
i agree but then re-read the question it implies "automatically" which suggests no manual intervention. so only "C" can be correct now.
upvoted 3 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mmed
Highly Voted 3 years, 5 months agoNLT
Highly Voted 2 years, 5 months agoNullNull88
Most Recent 4 days, 2 hours agocorpguy
1 month, 3 weeks agoSCCUser
3 weeks agocorpguy
2 weeks agoMarshpillowz
7 months agolol12
1 year, 9 months agoGilmarcio
2 years, 6 months agoPlato22
2 years, 8 months agoprosto_marussia
2 years, 8 months agoMartian89
2 years, 1 month agoBiz90
2 years, 10 months agoBreyarg
2 years, 7 months ago