Home » Cisco » 210-260 v.2 » What is the best practice for URL filtering to solve the problem?
You have been tasked with blocking user access to websites that violate company policy, but the sites use dynamic IP addresses. What is the best practice for URL filtering to solve the problem?
A. Enable URL filtering and use URL categorization to block the websites that violate company policy.
B. Enable URL filtering and create a blacklist to block the websites that violate company policy.
C. Enable URL filtering and create a whitelist to block the websites that violate company policy.
D. Enable URL filtering and use URL categorization to allow only the websites that company policy allows users to access.
E. Enable URL filtering and create a whitelist to allow only the websites that company policy allows users to access.
Correct Answer: A
Explanation/Reference:
Explanation:
Enable policy—Enables or disables the individual policy; the global URL Filtering setting overrides the specifications of an individual policy.
URL Category—Choose a filtering action for the URL categories to which you want to restrict access. There are over 80 categories segmented in seven logical groups. You can create custom categories in HTTP > Configuration >
Custom Categories.
The following describes the available filtering actions:
– Allow—Connection to the target server is allowed and users can access the Web site.
– Block—Connection to the target server is not established and users are not allowed to access the Web site. A log entry is also created for this event.
– Block w/Override—Connection to target service is not established unless the user can type a specific password to override the category blocking.
Reference: https://docs.trendmicro.com/all/ent/iwsva/v5.5/en-us/iwsva_5.5_olh/urlf_policy_rule.htm
D.
Enable URL filtering and use URL categorization to block the websites that violate company policy
Explanation:
Brad
Answer- D
Confidence level: 100%
Remember: A whitelist does not block URLs, and a blacklist will not always work when a URL uses dynamic IP
addresses.
BD
Each website defined in the URL filtering database is assigned one of approximately 60 different URL
categories. There are two ways to make use of URL categorization on the firewall:
Block or allow traffic based on URL category —You can create a URL Filtering profile that specifies an action
for each URL category and attach the profile to a policy. Traffic that matches the policy would then be subject to
the URL filtering settings in the profile. For example, to block all gaming websites you would set the block action
for the URL category games in the URL profile and attach it to the security policy rule(s) that allow web access.
See Configure URL Filtering for more information.
Match traffic based on URL category for policy enforcement —If you want a specific policy rule to apply only to
web traffic to sites in a specific category, you would add the category as match criteria when you create the
policy rule. For example, you could use the URL category streaming-media in a QoS policy to apply bandwidth
controls to all websites that are categorized as streaming media. See URL Category as Policy Match Criteria for
more information.
By grouping websites into categories, it makes it easy to define actions based on certain types of websites.
Source: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/url-filtering/url-categories
Your answer actually matches A in this instance.
It’s A
URL Filtering Overview
Use the URL filtering feature to control the websites that users on your network can access:
Category and reputation-based URL filtering—With a URL Filtering license, you can control access to websites based on the URL’s general classification (category) and risk level (reputation). This is the recommended option.
B. Enable URL filtering and create a blacklist to block the websites that violate company policy.
The Web Filteringfeatureenablesthe user to providecontrolledaccess to Internetwebsitesor Interanetsitesby configuringthe domain-basedor URL-basedpoliciesand filters on the device.The user can configurethewebfilteringprofilestomanagethewebaccess.TheWebFilteringfeatureisimplementedusingthecontainerserviceand it is similarto the Snort IPS solution.Web Filteringcan either allow or deny access to a specificdomainor URL based on:
• Whitelistand Blacklist—Theseare static rules, which helps the user to either allow or deny domainsorURLs. If the same patternis configuredunder both whitelistand blacklist,the traffic will be whitelisted.
• Category—URLscan be classifiedinto multiplecategoriessuch as News, Social Media,Education,Adultandsoon.Basedontherequirements,userhastheoptiontoblockorallowoneormorecategories.