Exam PCNSA topic 1 question 159 discussion

A and B are correct: he firewall first performs an application-override policy lookup to see if there is a rule match. If there is, the application is known and content inspection is skipped for this session . If there is no application-override rule, then application signatures are used to identify the application. The firewall uses protocol decoding in the content inspection stage to determine if an application changes from one application to another .

Yes, you’re correct. The Application Override Policy Match is indeed a part of the application identification process in the packet flow within Palo Alto’s PAN-OS12345. Application Override policies are used when you want to override the application that the firewall has identified2. These policies bypass layer 7 processing and threat inspection and instead use less secure stateful layer 4 inspection2. They prevent the firewall from performing layer 7 application identification and layer 7 threat inspection and prevention2. Therefore, the correct answers are A. pattern based application identification and B. application override policy match.

During the packet flow process, the two processes that are performed in application identification are: A. Pattern based application identification This process involves identifying applications based on patterns or signatures in the traffic. It’s a common method used in deep packet inspection. C. Session application identified Once the application is identified based on patterns, the session is then labeled with the identified application. This allows the firewall to apply the appropriate policies for that specific application. So, the correct answers are A and C

Based on link correct