Exam PCNSE topic 1 question 47 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 47
Topic #: 1

Which event will happen if an administrator uses an Application Override Policy?

  • A. Threat-ID processing time is decreased.
  • B. The Palo Alto Networks NGFW stops App-ID processing at Layer 4.
  • C. The application name assigned to the traffic by the security rule is written to the Traffic log.
  • D. App-ID processing time is increased.
Suggested Answer: B

Comments

ChiaPet75
Highly Voted 4 years, 6 months ago
Correct: B "If you define an application override, the firewall stops processing at Layer-4. The custom application name is assigned to the session to help identify it in the logs, and the traffic is not scanned for threats." (See the bottom of the page) https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/manage-custom-or-unknown-applications
upvoted 15 times
duckduckgooo
1 year, 8 months ago
updated link https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/app-id/manage-custom-or-unknown-applications
upvoted 1 times
redgi0
4 months ago
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/application-override-policy
upvoted 1 times
joe17021991
Highly Voted 4 years, 5 months ago
Alternatively, if you would like the firewall to process the custom application using fast path (Layer-4 inspection instead of using App-ID for Layer-7 inspection), you can reference the custom application in an application override policy rule. An application override with a custom application will prevent the session from being processed by the App-ID engine, which is a Layer-7 inspection. Instead it forces the firewall to handle the session as a regular stateful inspection firewall at Layer-4, and thereby saves application processing time.
upvoted 6 times
Prutser2
3 years, 6 months ago
Correct, so this question is all about the wording. With application override, there is no App-ID inspection, only stateful. So answer B's wording makes it wrong. A side effect of this is that threat inspection is not taking place, so it could be answer A also.
upvoted 1 times
Marshpillowz
Most Recent 11 months, 1 week ago
Selected Answer: B
B is the correct answer
upvoted 1 times
tmp99
1 year, 4 months ago
B https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/application-override-policy
upvoted 1 times
Merlin0o
1 year, 6 months ago
Selected Answer: B
Correct: B Ref: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/application-override-policy
upvoted 1 times
yazid0016
2 years ago
B is correct
upvoted 1 times
Gngogh
2 years, 1 month ago
I do not agree that B is the correct answer; however, it is the only best choice. Answer A: CTD processing time is not decreased, we can only do it or not. Answer B: App-ID is Layer 7 processing, not Layer 4. Answer C: The app name is assigned by the Application Override policy, not the security policy. Answer D: There is no App-ID processing, so the time is not increased.
upvoted 3 times
SH_
10 months, 3 weeks ago
I agree. B is correct mainly by elimination, because if the App-ID assigned to the traffic by an Application Override policy rule includes an application signature that has a Parent App based on a non-custom application, then Content-ID (Layer 7) inspection of the payload content is possible.
upvoted 1 times
UFanat
2 years, 6 months ago
Selected Answer: B
Tricky configured question. But it's B. NGFW is not processing at Layer 7 if Application Override Policy is in use for this app. Only Layer 4 processing.
upvoted 1 times
NNgiggs
3 years, 2 months ago
B is the correct answer. A cannot be an option because A talks of reduction in App-ID processing time. There will be no App-ID processing altogether, so App-ID is out of the question when an override is configured.
upvoted 3 times
trashboat
3 years, 8 months ago
So technically A is also true, but *only for traffic that does not have a pre-defined application.*
upvoted 1 times
trashboat
3 years, 8 months ago
B is the correct answer, as application override will stop processing traffic identified as a custom application at/after Layer 4; however, note the Special Note in the following documentation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0 "The exception to this is when you override to a pre-defined application that supports threat inspection."
upvoted 1 times
ThomasDao
3 years, 10 months ago
B - correct
upvoted 1 times
joe17021991
4 years, 5 months ago
Answer is C. App Override stops Layer 7 processing not layer 4.
upvoted 2 times
alexblue
4 years, 5 months ago
Because it uses the TCP port as the override method, it stops at Layer 4.
upvoted 3 times
lol1000
4 years, 1 month ago
Correct: B. App-ID stops "at" Layer 4.
upvoted 2 times
Woody
2 years ago
Agree with Joe. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/manage-custom-or-unknown-applications Vote for C. B is incorrect!
upvoted 1 times
rajputparveen
4 years, 6 months ago
B is correct
upvoted 6 times