Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 74

Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?

Answer options

• A. Deny application facebook-chat before allowing application facebook
• B. Deny application facebook on top
• C. Allow application facebook on top
• D. Allow application facebook before denying application facebook-chat

Correct answer: A

Explanation

Option A is correct because it specifically denies access to facebook-chat first, ensuring that chat is blocked while still allowing general access to Facebook afterwards. The other options either block access to Facebook entirely or do not correctly prioritize the blocking of the chat feature over the main Facebook application.