Question 13 - One Question A Week
  

Sangfor Elsa Lv4Posted 08 Aug 2019 17:46

Last edited by Sangfor Elsa 16 Aug 2019 09:55.

每周一问第十三期.png

Hi fellas,

What a pity that no one had chosen the right answer in the last question.
This time, please select the one you know is right and do not get confused by other member's selection!

[Event Duration]
Question 13  August 9 - August 15

[How to Play]
Select the option you think is right.

[Event Rewards]
Each reply will earn 100-coin tokens, and the right answer will earn extra 200-coin tokens.

[Tips]
1. The rewards will be sent out next week.
2. The right answer will be updated in this thread next week.

Next Question will come from the following document!
SANGFOR NGAF_v8.0.8_Intrusion Prevention_Best Practice
You can download it

Update on August 16
Question 13

Which of the following options is true about Application Control policy?

1.        Can not control service by port number.
Fales: App Control Policy can control service by port. And You can custom the port by yourself.
79995d560c81736f7.png

320895d560c8c19ec6.png

2.        If allow all-access, do not need to configure any application control policy
Fales: There is a default application control policy deny all services.
400465d560ca6db51d.png

3.        Untrust zone to trust zone does not need to configure the policy.
Fales: The default policy is to deny all services. If untrust zone needs to access trust zone need configure a policy to allow it.

4.        Need to attention whether the DNAT allow all access via all port
True: Note that in the DNAT policy, all content of DNAT is allowed to be accessed by application control policies by default. When in the environment of full mapping for a public network IP, it is recommended to negotiation with the user and uncheck this option, and manually enable services in the application control policies.
996365d560ccdbefed.png

Single Poll, 144 voters in all
1.39% (2)
0.69% (1)
4.86% (7)
93.06% (134)
You do not have the permission to vote here.