Correct: B
"If you define an application override, the firewall stops processing at Layer-4. The custom application name is assigned to the session to help identify it in the logs, and the traffic is not scanned for threats."
(See the bottom of the page)
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/manage-custom-or-unknown-applications
Alternatively, if you would like the firewall to process the custom application using fast path (Layer-4 inspection instead of using App-ID for Layer-7 inspection), you can reference the custom application in an application override policy rule. An application override with a custom application will prevent the session from being processed by the App-ID engine, which is a Layer-7 inspection. Instead it forces the firewall to handle the session as a regular stateful inspection firewall at Layer-4, and thereby saves application processing time.
correct, so this question is all about the wording, with application override, there is no app ID inspection, only statefull. so answer B wording makes it wrong. a side effect of this is that threat inspection is not taking place , so it could be answer A also
I do not agree that B is the correct answer, however is the only best choice.
answer A: CTD processing time is not decreased, we can only do it or not
answer B: APP-ID is layer 7 processing not layer 4
answer C: APP name is assigned by the Application override policy not security policy
answer D: There is no APP-ID processing, so the time is not increased
I agree. B is correct mainly by elimination. because if the app-ID assigned to the traffic by an Application Override policy rule includes an application signature that has a Parent App based on a non-custom application, then Content-ID (layer 7) inspection of the payload content is possible.
Tricky configured question. But it's B. NGFW is not processing at Layer 7 if Application Override Policy is in use for this app. Only Layer 4 processing.
B is the correct Answer, A can not be an option because A talks of reduction in APP ID processing time. there will be no APP ID processing all together so APP ID is out of the question When an override is configured.
B is the correct answer as application override will stop processing traffic identified as a custom application at/after layer 4, however note the Special Note in the following documentation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0
"The exception to this is when you override to a pre-defined application that supports threat inspection."
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ChiaPet75
Highly Voted 4 years, 6 months agoduckduckgooo
1 year, 8 months agoredgi0
4 months agojoe17021991
Highly Voted 4 years, 5 months agoPrutser2
3 years, 6 months agoMarshpillowz
Most Recent 11 months, 1 week agotmp99
1 year, 4 months agoMerlin0o
1 year, 6 months agoyazid0016
2 years agoGngogh
2 years, 1 month agoSH_
10 months, 3 weeks agoUFanat
2 years, 6 months agoNNgiggs
3 years, 2 months agotrashboat
3 years, 8 months agotrashboat
3 years, 8 months agoThomasDao
3 years, 10 months agojoe17021991
4 years, 5 months agoalexblue
4 years, 5 months agolol1000
4 years, 1 month agoWoody
2 years agorajputparveen
4 years, 6 months ago