What will result in the largest number of policies being counted against the total policies allowed for the NetScreen device?


A. creating a single address book entry with a subnet mask of /24

B. creating a single address book entry with a subnet mask of 255.255.192.0

C. creating a group and adding 6 addresses, each with a subnet mask of /32, and making it part of your source address in the policy

D. creating a group of 2 addresses, each with a subnet mask of /30, and using it for your source address and creating another group of 3 addresses, each with a subnet mask of /28, and using it for your destination address

Explanation:

A single user-defined policy produces one or more logical rules internally, and each logical rule consists of a set of components: source address, destination address, and service. The components consume memory resources. The logical rules that reference the components do not. Depending on the use of multiple entries or groups for the source address, destination address, and service components in a policy, the number of logical rules can be much larger than is readily apparent from the creation of the single policy. For example, the following policy produces 125 logical rules:

1 policy: 5 source addresses x 5 destination addresses x 5 services = 125 logical rules

However, the NetScreen device does not duplicate components for each logical rule. The rules make use of the same set of components in various combinations. For example, the above policy that produces 125 logical rules results in only 15 components:

5 source addresses + 5 destination addresses + 5 services = 15 components

These 15 components combine in various ways to produce the 125 logical rules generated by the single policy. By allowing multiple logical rules to use the same set of components in different combinations, the NetScreen device consumes far fewer resources than if each logical rule had a one-to-one relationship with its components.

Because the installation time of a new policy is proportional to the number of components that the NetScreen device adds, removes, or modifies, policy installation becomes faster with fewer components. Also, by allowing a large number of logical rules to share a small set of components, NetScreen allows you to create more policies, and the NetScreen device to create more rules, than would be possible if each rule required dedicated components.





mr_tienvu


I have the same idea. C