A customer has an application that is being identified as unknown-tcp for one of their custom PostgreSQL database connections. Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)
A. Application Override policy.
B. Security policy to identify the custom application.
Disagree - the question is how to correctly categorize the application.
Security Policy is how to deal with an unknown app - as in how to allow it despite having no App-ID for it. It does not deal with categorizing the app.
B. Security policy to identify the custom application.
B is there to identify the custom App-ID? As advised, it is custom, so allowing traffic is not the issue in finding out what App-ID is inside the traffic.
Must be A and C
Ok, so you should avoid using app overrides since they bypass App-ID analysis; instead use a custom application with a defined signature. However, you can categorize an application in these ways:
1. Application override - it matches your application using source and destination address, ports, etc.
2. Custom application - you can define a custom application with an admin-defined signature for the App-ID engine to match. You would have to create a security policy rule using this custom app to allow the traffic, but you won't identify the application with a security policy rule; to identify the app's patterns and create a signature you should perform a pcap.
3. Creating an App-ID categorization through the web, which could be deployed as a new App-ID in the third week of any month.
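As an added illustration (not from the thread or from Palo Alto Networks), the practical difference between the two categorization methods: an Application Override rule matches on port and address only and skips layer 7, whereas a custom application with a signature matches the protocol bytes themselves. The sessions below are constructed; the pattern used is PostgreSQL's wire-protocol StartupMessage (protocol 3.0 marker 0x00030000) and SSLRequest, the kind of pattern a pcap would reveal, and the port 5432 and the name "custom-postgres" are assumptions.

```python
import struct

PG_PROTOCOL_V3 = 196608        # 0x00030000: PostgreSQL wire protocol 3.0
PG_SSLREQUEST_CODE = 80877103  # 0x04D2162F: SSLRequest sent before TLS

def build_startup(params):
    """Construct a protocol 3.0 StartupMessage (sample input only):
    Int32 length (incl. itself), Int32 version, NUL-terminated key/value
    pairs, then a final NUL."""
    body = b"".join(k.encode() + b"\0" + v.encode() + b"\0"
                    for k, v in params.items()) + b"\0"
    return struct.pack("!II", 8 + len(body), PG_PROTOCOL_V3) + body

def by_signature(payload):
    """Signature-style match on the first client bytes of a session:
    keys on the protocol, not on the port (assumed app name)."""
    if len(payload) < 8:
        return "unknown-tcp"
    length, code = struct.unpack("!II", payload[:8])
    if length == 8 and code == PG_SSLREQUEST_CODE:
        return "custom-postgres"
    if code == PG_PROTOCOL_V3 and 8 < length <= len(payload):
        body = payload[8:length]
        if body.endswith(b"\0\0"):               # last value NUL + terminator
            fields = body[:-2].split(b"\0")
            if len(fields) % 2 == 0 and b"user" in fields[::2]:
                return "custom-postgres"
    return "unknown-tcp"

def by_override(dst_port, override_port=5432):
    """Application Override behaviour: match the port, no L7 inspection."""
    return "custom-postgres" if dst_port == override_port else "unknown-tcp"

# Constructed sessions: (label, destination port, first client payload)
SESSIONS = [
    ("pg-on-5432", 5432, build_startup({"user": "app", "database": "orders"})),
    ("pg-ssl-on-5432", 5432, struct.pack("!II", 8, PG_SSLREQUEST_CODE)),
    ("pg-on-6543", 6543, build_startup({"user": "app"})),      # non-standard port
    ("http-on-5432", 5432, b"GET / HTTP/1.1\r\nHost: db\r\n\r\n"),  # not PostgreSQL
]

def compare(sessions):
    """Return (label, override verdict, signature verdict) per session."""
    return [(label, by_override(port), by_signature(payload))
            for label, port, payload in sessions]

if __name__ == "__main__":
    for row in compare(SESSIONS):
        print("%-16s override=%-16s signature=%s" % row)
```

The override rule mislabels the HTTP session on port 5432 and misses PostgreSQL on a non-standard port; the signature gets both right, which is why the docs quoted later in the thread prefer a custom application.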
A and C are the correct answers. The below is directly from the PANW Firewall help (?):
"Policies > Application Override
To change how the firewall classifies network traffic into applications, you can specify application override policies. For example, if you want to control one of your custom applications, an application override policy can be used to identify traffic for that application according to zone, source and destination address, port, and protocol. If you have network applications that are classified as “unknown,” you can create new application definitions for them (refer to Defining Applications)."
Seems conclusive 👍
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/manage-custom-or-unknown-applications
"Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define a custom timeout. Avoid creating Application Override policies because they bypass layer 7 application processing"
B & C
Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define a custom timeout. Avoid creating Application Override policies because they bypass layer 7 application processing and threat inspection, and use less secure stateful layer 4 inspection instead. Instead, use custom timeouts so that you can control and inspect the application traffic at layer 7.
A&C are correct.
Application Override to bypass the App-ID and the custom application to identify the applications (then the two actions to categorize the application).
Security policy doesn't identify apps; App-ID does.
create a custom app AND/OR use an app override policy to identify the app based on traffic using it. THEN consult the security policy to figure out whether to block or allow the traffic.
A & C are correct. Security policy allows or denies the traffic; it doesn't categorise the application. The two ways you can categorise an application are to define a custom App or to use an Application Override policy, where you will still need to define the application ports, IP addresses, zones etc. to identify the application. Application Override is not recommended, however, and should only be used as a temporary workaround while the work is going on to define a custom app for the same traffic.
I think 'A' is wrong because... For internal applications and applications for which there is no App-ID, create custom applications to gain layer 7 visibility into traffic. Don't use Application Override policy because it bypasses layer 7 processing and threat inspection. The use cases for Application Override are unusual situations with SMB or SIP traffic.