Exam PSE Strata topic 1 question 24 discussion

Actual exam question from Palo Alto Networks's PSE Strata
Question #: 24
Topic #: 1

A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default.
What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

  • A. Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports
  • B. Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis
  • C. Palo Alto Networks keeps ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports
  • D. Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default
Suggested Answer: B

Comments

fatehz
4 months, 3 weeks ago
Selected Answer: B
B is true. C is wrong because it says that it opens the app ports only, and that's wrong: I can run an application on another, non-default port and it'll work.
upvoted 2 times
LostatSea
5 months, 4 weeks ago
Selected Answer: B
B and not C, as for "only opening ports after understanding the application request": the Palo Altos can function as a layer 3 firewall based solely on port, with no need to understand the application, e.g. unknown-tcp.
upvoted 1 times
yet_another_user
7 months ago
Read the answers a few times; B and C are valid, can't distinguish. Each firewall blocks interzone traffic, not specific to PA.
upvoted 1 times
madinaes
8 months, 3 weeks ago
B is correct as a best practice also
upvoted 2 times
madinaes
8 months, 3 weeks ago
But the question is about ports, that PA keeps all ports open by default, so C is correct as an answer to this specific question.
upvoted 1 times
scanossa
3 months, 1 week ago
But interzone ports are closed by default, so not all ports are open.
upvoted 1 times
AOtwoma
1 year, 2 months ago
Selected Answer: B
Practically, B is correct
upvoted 3 times
mushi4ka
1 year, 3 months ago
Selected Answer: B
B is better
upvoted 3 times