ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 313 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 313
Topic #: 1
[All PCNSE Questions]

With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?

  • A. unknown-udp
  • B. not-applicable
  • C. insufficient-data
  • D. incomplete
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by scally at Sept. 10, 2022, 9:17 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
scally
Highly Voted 2 years, 4 months ago
Selected Answer: A
A would be the correct answer here. It is a UDP connection on port 443. This would trigger unknown-udp. Incomplete is used in TCP connections only. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
upvoted 18 times
...
Cro13
Most Recent 4 months, 1 week ago
Selected Answer: A
1-3 packets exchanged ---> incomplete, because not even TCP handshake was completed 4-10 packets exchanged ---> insufficient data, because TCP was completed but we did not see enough packets to precisely determine what application is it 11-more packets exchanged ---> if we can't determine what is the app, it is marked as "unknown"
upvoted 2 times
...
SkyderAmzLee
5 months, 3 weeks ago
Selected Answer: A
here is the link why A is best answer, it said that 11 packet is already unknown https://live.paloaltonetworks.com/t5/general-topics/best-practice-for-insufficient-data/td-p/63535
upvoted 1 times
...
327c7c8
9 months, 3 weeks ago
Selected Answer: C
not-applicable for any deny action. incomplete is for tcp connection with open but not complete 3 way HS, or not enough data to identify the tcp application.(incomplete is used only for tcp connection) now both unknown-udp and insufficint-data are used for udp. againe the question and/or answer are poorly writen. My answer would be both A and C. NOT: A
upvoted 1 times
...
JRKhan
1 year ago
Selected Answer: A
A seems to be correct. For UDP, the firewall only requires the first packet to identify the app, since its a udp connection on port 443, I would go with unknown-udp
upvoted 1 times
...
news088
1 year, 4 months ago
for udp the aplication type can only be unknown-udp or not-aplicable. insuficient-data or incomplete is for TCP. then unknown-udp if the traffic is allowed and not-aplicable if the traffic is not allowed (dicarded). So A should be the correct one.
upvoted 1 times
...
kuaiquchifan
1 year, 6 months ago
Not C for sure, base on the red cross line, the answer should be shorter than "Trust-to-Untrust".
upvoted 2 times
...
ThelioNN
1 year, 7 months ago
For it can be both A and C. 11 packets is right in the middle ot 7 to 14 packets rule to detect the app. Stupid question.
upvoted 1 times
...
kanuwow
1 year, 9 months ago
Selected Answer: A
Unknown UDP
upvoted 2 times
...
daytonadave2011
1 year, 10 months ago
Selected Answer: A
A is the correct answer because the protocol being used is udp.
upvoted 1 times
...
javim
2 years ago
Selected Answer: A
if is not detected application UDP connection only have two possibilities, not-applicable and unknown-udp or unknown-p2p. The correct answer is A
upvoted 2 times
...
TAKUM1y
2 years, 2 months ago
Selected Answer: C
1.https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clc6CAC-----2.https://live.paloaltonetworks.com/t5/blogs/discussion-of-the-week-application-incomplete/ba-p/286965------<aged-out>
upvoted 1 times
...
TAKUM1y
2 years, 2 months ago
Selected Answer: C
https://live.paloaltonetworks.com/t5/general-topics/application-insufficient-data/td-p/43385
upvoted 1 times
...
confusion
2 years, 2 months ago
Selected Answer: C
C for sure
upvoted 1 times
...
datz
2 years, 3 months ago
Selected Answer: A
Unknown UDP
upvoted 2 times
...
DrNick0
2 years, 4 months ago
I agree, A is correct.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago