Palo Alto Networks (PANW) Certified Network Security Administrator (PCNSA) Practice Exam

How can the SOC efficiently block access to a list of malicious URLs on a Palo Alto Networks firewall not licensed for URL filtering?

• A. Manually block each URL using security policy rules
• B. Create a Custom URL Category and reference it in a Security Policy rule
• C. Disable user access to the internet
• D. Contact Palo Alto Networks for a subscription upgrade

The correct answer is: Create a Custom URL Category and reference it in a Security Policy rule

Creating a Custom URL Category and referencing it in a Security Policy rule is the most efficient way to block access to a list of malicious URLs on a Palo Alto Networks firewall that is not licensed for URL filtering. This approach allows the security operations center (SOC) to manage URL access dynamically without needing to manually block each malicious URL individually. By defining a Custom URL Category, the SOC can group all the malicious URLs into a single category. Once this category is created, the SOC can easily implement a security policy rule that denies traffic to any URLs within that category. This method is highly effective because it simplifies management and updates; if new malicious URLs need to be added, they can just be included in the existing custom category without altering multiple security policies or rules. This efficiency not only saves time but also reduces the risk of human error when manually blocking URLs. Utilizing a Custom URL Category becomes particularly advantageous when dealing with a large volume of URLs, as it centralizes control and streamlines the process of URL management. Additionally, this approach can still be compatible with limited licensing, as it allows for granular control without the need for advanced features that a URL filtering license would provide.