
Answer-first summary for fast verification
Answer: Configure a firewall rule to match the source/destination IP addresses of the VMs, and use the apply_security_profile_group action.
To enable IPS inspection on Cloud NGFW Enterprise, firewall rules must be configured to match the relevant traffic (source/destination IPs of VMs) and apply the security profile group containing IPS settings. Option D correctly uses `apply_security_profile_group` to enforce the security profiles, including IPS. Packet Mirroring (A) is unnecessary for inline NGFW inspection. `goto_next` (B) does not apply security profiles. Hostname matching (C) is not supported in firewall rules for this purpose.
Author: LeetQuiz Editorial Team
To enable traffic inspection for VMs using the Intrusion Prevention Service (IPS) feature on Cloud Next Generation Firewall Enterprise after deploying firewall endpoints, what steps should you take?
A. Configure Packet Mirroring to match the source/destination IP addresses of the VMs.
B. Configure a firewall rule to match the source/destination IP addresses of the VMs, and use the `goto_next` action.
C. Configure a firewall rule to match the hostnames of the VMs, and use the `apply_security_profile_group` action.
D. Configure a firewall rule to match the source/destination IP addresses of the VMs, and use the `apply_security_profile_group` action.