ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 259 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 259
Topic #: 1
[All PCNSE Questions]

Which three statements correctly describe Session 380280? (Choose three.)

  • A. The application was initially identified as "ssl."
  • B. The session has ended with the end-reason "unknown."
  • C. The session cid not go through SSL decryption processing.
  • D. The application shifted to "web-browsing."
  • E. The session went through SSL decryption processing.
Show Suggested Answer Hide Answer
Suggested Answer: ADE 🗳️
by Shenanigans123 at April 3, 2022, 10:52 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Shenanigans123
Highly Voted 2 years, 9 months ago
There is a lack of available documentation for this CLI command. I think the answer is ADE Cannot be B because session is still active, hence reason "unknown" I don't think it can be C because "session proxied" is true which I've only seen when SSL Decryption is being performed - regular HTTP traffic does not show this flag
upvoted 10 times
Loloshikovichev
2 years, 9 months ago
I agree, ADE seems to be correct.
upvoted 3 times
...
...
Loloshikovichev
Highly Voted 2 years, 9 months ago
Selected Answer: ADE
ADE is correct. Session is still active, hence 'unknown' end reason, as mentioned correctly by Shenanigans123.
upvoted 6 times
...
Pretorian
Most Recent 1 month, 3 weeks ago
Selected Answer: ACD
Due to port and protocol decoders, session will be identified as SSL, therefore A is correct. Session state shows as "active" therefore, B is incorrect. The output of the command shows "... proxied = no", therefore C is correct (although crappy spelling). The session shows URL Category identified, therefore, after SSL and more payload, the app-id was web-browsing, therefore, D is correct. The output of the command shows "... proxied = no", therefore E is incorrect.
upvoted 1 times
...
Bau24
6 months, 1 week ago
Selected Answer: ADE
Correct answers: ADE
upvoted 1 times
...
ansibai
1 year ago
Selected Answer: ADE
I perform this in lab.
upvoted 1 times
...
Whizdhum
1 year, 1 month ago
Answers are A, D, E.
upvoted 1 times
...
seb_berlin
1 year, 1 month ago
Selected Answer: ADE
Got his question in December 2023 only good two choices to answer. selected D and E as others already stated end-reason "unkown" is misleading look at the state = ACTIVE session table = actual sessions
upvoted 2 times
...
Metgatz
1 year, 1 month ago
ADE is the correct option
upvoted 1 times
...
network_020
1 year, 1 month ago
Session Proxied : Yes means session is ssl decrypted Before decryption identified as ssl and after decryption identified as web browsing
upvoted 4 times
...
procheeseburger
1 year, 7 months ago
when I had this question, it only asked for 2 things.
upvoted 1 times
...
PANW
1 year, 11 months ago
How do you know from this info that the session was decrypted? You can infer it from the question by a process of elimination, B&C are wrong
upvoted 1 times
443Annny
3 weeks, 2 days ago
LOOK AT HE FLOW SESSION C2S AND S2C the fw act as a man in the middle ssl forward proxy
upvoted 1 times
...
sujss
1 year, 8 months ago
I believe from "Session Proxied : Yes"
upvoted 2 times
...
wallaka
1 year, 1 month ago
Port 443 and app web-browsing is a clue as well.
upvoted 1 times
...
...
PANW
1 year, 11 months ago
the sh session command only shows active sessions, can't be B
upvoted 1 times
...
DenskyDen
1 year, 11 months ago
ADE. The fact that the session is still active, it can't be B.
upvoted 1 times
...
Sarbi
2 years ago
ADE is correct. As the initial traffic is on port 443 and after that application shift occurs and the session is still active.
upvoted 1 times
...
mz101
2 years, 1 month ago
Should be ADE. "end reason: unknown" will show for all "ACTIVE" sessions. So B is not correct.
upvoted 1 times
...
scally
2 years, 4 months ago
Selected Answer: BDE
With the destination port being 443 and the application being web-browsing, that means that this was decrypted. The session clearly says it ended as unknown.
upvoted 3 times
Knowledge33
1 year, 7 months ago
on session id, we always have the end reason field fulfilled. "unknown means there is nothing. In other word, the session is still active. When the session is ended, you have different things such as INIT or other
upvoted 2 times
...
...
tenebrox
2 years, 7 months ago
Selected Answer: BDE
end session unknow is a valid en reason
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago