Which security policy action causes this?

PCNSA V4 0 Comments

An administrator would like to override the default deny action for a given application, and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited".

Which security policy action causes this?
A . Drop
B. Drop, send ICMP Unreachable
C. Reset both
D. Reset server

Answer: B

Explanation:

Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset is not sent to the host/application.

For Layer 3 interfaces, to optionally send an ICMP unreachable response to the client, set Action:

Drop and enable the Send ICMP Unreachable

check box. When enabled, the firewall sends the ICMP code for communication with the destination is administratively prohibited–ICMPv4: Type 3, Code 13; ICMPv6: Type 1, Code 1. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClltCAC#:~:text=The%20Deny%20action%20will%20tear,packets%20will%20be%20silently%20discarded.

Latest PCNSA Dumps Valid Version with 115 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PCNSA PDF     PCNSA Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments