An administrator has configured a Security policy where the matching condition includes a single application, and the action is drop. If the application's default deny action is reset-both, what action does the firewall take?
A. It silently drops the traffic.
B. It silently drops the traffic and sends an ICMP unreachable code.
C. It sends a TCP reset to the server-side device.
D. It sends a TCP reset to the client-side and server-side devices.
In Palo Alto’s PAN-OS, if a Security policy is configured with a matching condition that includes a single application and the action is set to drop, the firewall will silently drop the traffic. This means that a TCP reset is not sent to the host/application. This action overrides the default deny action of the application, even if it’s set to reset-both. Therefore, the correct answer is A. It silently drops the traffic.
Deny Action
App-IDs are developed with a default deny action that dictates how the firewall responds when the application is included in a Security policy rule with a deny action. The default deny action can specify either a silent drop or a TCP reset. You can override this default action in Security policy.
For traffic that matches the attributes defined in a security policy, you can apply the following actions:
DROP
Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset is not sent to the host/application.
For Layer 3 interfaces, to optionally send an ICMP unreachable response to the client, set Action: Drop and enable the Send ICMP Unreachable check box. When enabled, the firewall sends the ICMP code for communication with the destination is administratively prohibited—ICMPv4: Type 3, Code 13; ICMPv6: Type 1, Code 1.
It looks like A.
D would be valid if the security policy action were deny and not drop as mentioned in the question.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClltCAC
Answer is D, as on the Palo Alto practice exam link below
https://beacon.paloaltonetworks.com/assessment_responses/report/16167409#assessment-response-details
"the action is drop" this is stated in the question :)
Drop:
Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset is not sent to the host/application.
The answer is D https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-policy/security-policy-actions
Reset both= Sends a TCP reset to both the client-side and server-side devices.
The correct answer is D. Reset-both => Sends a TCP reset to both the client-side and server-side devices.
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objects-security-profiles-vulnerability-protection
This link refers to the action for signatures: Objects > Security Profiles > Vulnerability Protection, and not to the exam question. Please refrain from posting incorrect answers!
Reset Both
For TCP, resets the connection on both the client and server ends. For UDP, drops the connection.