Exam PCNSE topic 1 question 604 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 604
Topic #: 1

A firewall engineer has determined that, in an application developed by the company’s internal team, sessions often remain idle for hours before the client and server exchange any data. The application is also currently identified as unknown-tcp by the firewalls. It is determined that because of a high level of trust, the application does not require to be scanned for threats, but it needs to be properly identified in Traffic logs for reporting purposes.

Which solution will take the least time to implement and will ensure the App-ID engine is used to identify the application?

  • A. Create a custom application with specific timeouts and signatures based on patterns discovered in packet captures.
  • B. Access the Palo Alto Networks website and complete the online form to request that a new application be added to App-ID.
  • C. Create a custom application with specific timeouts, then create an application override rule and reference the custom application.
  • D. Access the Palo Alto Networks website and raise a support request through the Customer Support Portal.
Suggested Answer: C

Comments

Reyad789
Highly Voted 9 months, 3 weeks ago
The answer is A, because in the question they mentioned that the App-ID process must be performed. Application override policies skip the App-ID process.
upvoted 7 times
hcir
Highly Voted 9 months, 3 weeks ago
A is the answer. If it was a commercial application, B would be the answer. But because it is an internal application, creating a custom app is the way to go.
upvoted 7 times
Thunnu
9 months, 3 weeks ago
why not C?
upvoted 2 times
Djeep12345
9 months, 3 weeks ago
I will go with C
upvoted 1 times
DatITGuyTho1337
9 months, 3 weeks ago
Going with C means that the FW will stop using the App-ID engine because of the application override policy rule. A is the answer.
upvoted 3 times
Thunnu
9 months, 2 weeks ago
Yes, we don't require the layer 4 to 7 scans, as the question itself mentioned it is not required to be scanned for threats.
upvoted 5 times
hcir
9 months, 3 weeks ago
A requirement is to be able to properly identify the application in the logs and reporting. With app-override, no application is identified, only TCP or UDP.
upvoted 5 times
Yohinar
Most Recent 2 months, 2 weeks ago
Selected Answer: C
Usually you would go with answer A, however the question states that layer 4-7 scanning is not wanted - hence answer C is correct.
upvoted 1 times
Bbb78
2 months, 2 weeks ago
Selected Answer: C
C - "override" the inspection based on the custom application
upvoted 1 times
362c603
3 months, 1 week ago
Selected Answer: C
Application Override policies bypass layer 7 processing and threat inspection: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/application-override-policy
upvoted 1 times
DatITGuyTho1337
2 months, 3 weeks ago
"...Application Override policies prevent the firewall from performing *layer 7 application identification* and layer 7 threat inspection and prevention..." The above via the same link provided, how can your answer be C???
upvoted 2 times
redgi0
4 months, 2 weeks ago
Selected Answer: A
I go with A. C is not going to use APP-ID.
upvoted 3 times
0d2fdfa
7 months, 2 weeks ago
Selected Answer: C
Correct Answer is C. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0 "Example Use Scenario: You might ask why we'd ever need to override the normal application identification process. In some cases, customers build their own custom applications to address specific needs unique to the company. For these applications, we may not have signatures to properly identify the expected behavior and identify the traffic with a known application. In such cases, we recommended creating an application override to allow easier identification and reporting, and to prevent confusion."
upvoted 4 times
PacketsDownRange99
9 months ago
Selected Answer: A
Agree with the rest. A
upvoted 1 times
VenomX51
9 months ago
Selected Answer: A
"...and will ensure the App-ID engine is used to identify the application" - This requires a signature. If you just create a custom app based on port and protocol, it's not using the App-ID engine to identify the app, and any traffic that matches that same port/protocol/source/destination will be identified as the custom app.
upvoted 1 times
JustWondering
9 months ago
Selected Answer: C
C is the correct answer. It does not say AppID needs to be done. It states that Traffic Logs need to see the application. The question asks about the LEAST time to implement. Answer A requires packet captures.
upvoted 2 times
DatITGuyTho1337
2 months, 3 weeks ago
"Which solution will take the least time to implement and will ensure the App-ID engine is used to identify the application?" The above being the last line of the question itself. : /
upvoted 1 times
tonykolo
9 months, 1 week ago
Selected Answer: A
A - Creating a custom app takes less time to implement than waiting for PA to create an app-ID. You don't need an app-override either.
upvoted 1 times
rhinogkn24
9 months, 2 weeks ago
Also C will take "less time" since no packet capture is required.
upvoted 1 times
rhinogkn24
9 months, 2 weeks ago
Selected Answer: C
When you create a custom app (with no signature) the custom app name referenced in the Sec Policy Rule will also be used to ID the custom app name in the traffic logs. Therefore properly identified per the reporting requirements.
upvoted 3 times
k3rnelpanicpj
9 months, 2 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other