Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 112
For which two reasons would a firewall discard a packet as part of the packet flow sequence? (Choose two.)
Answer options
- A. ingress processing errors
- B. rule match with action ג€denyג€
- C. rule match with action ג€allowג€
- D. equal-cost multipath
Correct answer: A, B
Explanation
A firewall will discard a packet if there are ingress processing errors, indicating issues with how the packet was received. Additionally, if a packet matches a rule that specifies an action of 'deny', it will also be discarded, as this means the packet is not allowed through the firewall. Options C and D do not result in packet discarding; 'allow' permits passage, and equal-cost multipath relates to routing, not packet filtering.