A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default.
What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

A. Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports

B. Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis

C. Palo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application- specified ports

D. Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default








 

Suggested Answer: C

Community Answer: B

Reference:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVwCAK

This question is in PSE Strata Palo Alto Networks Systems Engineer (Strata) Exam
For getting Palo Alto Networks Systems Engineer (PSE Strata) Certificate





Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Palo Alto Networks. 
Trademarks, certification & product names are used for reference only and belong to Palo Alto Networks.
The website does not contain actual questions and answers from Palo Alto Networks's Certification Exams.