For a new cloud-gen firewall configuration, a default block posture is the safer baseline. Administrators should explicitly permit required business traffic and preserve required Zscaler service rules instead of leaving a broad default allow that weakens least-privilege design. Option A (Block all traffic) is correct because block all traffic is the recommended default-deny stance.
Why the other options are incorrect:
B. Permit all traffic: Permit-all firewall posture lets unexpected services leave the network until later rules stop them.
C. Disable the firewall: Disabling the firewall removes the enforcement layer instead of creating a safe default rule set.
D. Allow only web traffic (ports 80/443): Allowing only ports 80/443 would ignore valid non-web business traffic that may need explicit firewall rules.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit