Given the screenshot, how did the firewall handle the traffic?

A. Traffic was allowed by policy but denied by profile as encrypted.
B. Traffic was allowed by policy but denied by profile as a threat.
C. Traffic was allowed by profile but denied by policy as a threat.
D. Traffic was allowed by policy but denied by profile as a nonstandard port.

Answer: B

Explanation:

The screenshot shows the threat log, which records traffic that matches a threat signature or is blocked by a security profile. The log entry indicates that the traffic was allowed by the security policy rule “Allow-All” but was denied as a threat by the vulnerability protection profile “strict”. The threat name is “Microsoft Windows SMBv1 Multiple Vulnerabilities (MS17-010: EternalBlue)” and the action is “reset-both”, which means that the firewall reset both the client and server connections.

References: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields
