You have been tasked with blocking user access to websites that violate company policy, but the sites use
dynamic IP addresses. What is the best practice for URL filtering to solve the problem?
A.
Enable URL filtering and create a blacklist to block the websites that violate company policy
B.
Enable URL filtering and create a whitelist to allow only the websites the company policy allow users to
access
C.
Enable URL filtering and use URL categorization to allow only the websites the company policy allow users
to access
D.
Enable URL filtering and use URL categorization to block the websites that violate company policy
E.
Enable URL filtering and create a whitelist to block the websites that violate company policy
Explanation:
Brad
Answer- D
Confidence level: 100%
Remember: A whitelist does not block URLs, and a blacklist will not always work when a URL uses dynamic IP
addresses.
BD
Each website defined in the URL filtering database is assigned one of approximately 60 different URL
categories. There are two ways to make use of URL categorization on the firewall:
Block or allow traffic based on URL category —You can create a URL Filtering profile that specifies an action
for each URL category and attach the profile to a policy. Traffic that matches the policy would then be subject to
the URL filtering settings in the profile. For example, to block all gaming websites you would set the block action
for the URL category games in the URL profile and attach it to the security policy rule(s) that allow web access.
See Configure URL Filtering for more information.
Match traffic based on URL category for policy enforcement —If you want a specific policy rule to apply only to
web traffic to sites in a specific category, you would add the category as match criteria when you create the
policy rule. For example, you could use the URL category streaming-media in a QoS policy to apply bandwidth
controls to all websites that are categorized as streaming media. See URL Category as Policy Match Criteria for
more information.
By grouping websites into categories, it makes it easy to define actions based on certain types of websites.
Source: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/url-filtering/url-categories
D is the correct option as in cisco firesight we create url filtering and categories. There is no option for blacklisting.
“With a URL Filtering license, you can control your users’ access to websites based on the category and reputation of requested URLs, which the FireSIGHT System obtains from the Cisco cloud:”
qouted from the link below
http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/AC-Rules-App-URL-Reputation.html