ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 17 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 17
Topic #: 1
[All PCNSE Questions]

Decrypted packets from the website https://www.microsoft.com will appear as which application and service within the Traffic log?

  • A. web-browsing and 443
  • B. SSL and 80
  • C. SSL and 443
  • D. web-browsing and 80
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by tester12 at Sept. 9, 2019, 8:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pacheco
Highly Voted 3 years, 10 months ago
Made an account just to tell you guys the correct answer is A. Application is first identified as SSL on port 443, then decrypted, then identified as web-browsing on port 443. Application identification changes due to app shift, but the port number doesn't! Correct answer is A.
upvoted 38 times
kerberos
3 years ago
you are correct!
upvoted 1 times
...
...
mannyvic
Highly Voted 4 years, 10 months ago
The answer should be C.... Application - HTTPS = SSL, HTTP = Web Browsing.......Service- SSL=443, Web-Browsing=80
upvoted 10 times
kraut
3 years, 3 months ago
no, since ssl forward proxy is in place. ssl is getting "decrypted", and traffic is identified as web-browsing. app-id will be ssl initially but *shift*!
upvoted 3 times
...
...
NazmulHossain
Most Recent 1 week, 1 day ago
Selected Answer: A
As the question asks about the application after packet decryption, it will see the application as Web-Browsing with port 443.
upvoted 1 times
...
0d2fdfa
2 months, 1 week ago
Selected Answer: A
As mentioned before, application is identified as ssl and then web browsing after decryption.
upvoted 1 times
...
Marshpillowz
5 months, 3 weeks ago
Selected Answer: A
Answer is A.
upvoted 1 times
...
Woody
1 year, 7 months ago
A, apparently.
upvoted 1 times
...
fireb
2 years ago
Option A is correct.
upvoted 1 times
...
Meko
2 years, 1 month ago
Selected Answer: A
After being decrypted, the traffic is web-browsing traffic / port 443. Before being decrypted, the traffic is ssl traffic / port 443.
upvoted 2 times
...
UFanat
2 years, 1 month ago
Selected Answer: A
Correct answer: A. After a packet is decrypted we see web browsing in logs.
upvoted 2 times
...
William88
2 years, 1 month ago
Correct answer is A
upvoted 1 times
...
datz
2 years, 1 month ago
Selected Answer: A
If its decrypted than it will know that APP-ID = Web-Browsing and port 443 - SO A for sure
upvoted 1 times
...
Elvenking
2 years, 3 months ago
It is definitely "A". Just looked it up on a firewall: show session all filter source 192.168.0.*** -------------------------------------------------------------------------------- ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port]) Vsys Dst[Dport]/Zone (translated IP[Port]) -------------------------------------------------------------------------------- 20714 web-browsing ACTIVE FLOW *NS 192.168.0.***[63325]/abc00/6 (***.***.***.***[35661]) vsys1 104.208.16.90[443]/def00 (104.208.16.90[443]) and looking more closely: show session id 20714 Session 20714 c2s flow: source: 192.168.0.*** [abc00] dst: 104.208.16.90 proto: 6 sport: 63325 dport: 443 ... application : web-browsing ... tracker stage firewall : TCP FIN tracker stage l7proc : proxy timer expired end-reason : tcp-fin
upvoted 6 times
...
AbuHussain
2 years, 3 months ago
Selected Answer: A
Correct answer is A.
upvoted 1 times
...
Syn1337
2 years, 4 months ago
Selected Answer: A
Correct answer is A.
upvoted 1 times
...
kam1967
2 years, 9 months ago
The exam has changed. I only saw 4-5 questions from this dump on the exam.
upvoted 6 times
renzanjo
2 years, 8 months ago
Seriously??
upvoted 3 times
Bighize
2 years, 8 months ago
kam1967 is telling the truth. same thing happened to me.
upvoted 1 times
RJ45TP
2 years, 7 months ago
Have you seen a good dump anywhere else!?
upvoted 1 times
...
...
...
Breyarg
2 years, 7 months ago
ffs i just paid to use this as well...... anyone have a valid dump!?!?!? i have my exam next week :(
upvoted 1 times
LaithFraij
1 year, 4 months ago
what happened with you ?
upvoted 1 times
...
...
...
evdw
3 years, 2 months ago
Correct answer : A
upvoted 2 times
...
vj77
3 years, 2 months ago
Please change this answer to A PA changed this after PAN OS 9.0 Ref: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmdLCAS
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago