Exam PCNSE topic 1 question 529 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 529
Topic #: 1

With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?

  • A. insufficient-data
  • B. incomplete
  • C. not-applicable
  • D. unknown-tcp
Suggested Answer: C

Comments

nebulanerd
10 months, 2 weeks ago
Selected Answer: C
not-applicable, denied by security policy and "bytes received" = 0
upvoted 3 times
...
Marshpillowz
1 year, 3 months ago
Selected Answer: C
C is correct
upvoted 2 times
...
Sammy3637
1 year, 4 months ago
Selected Answer: C
not-applicable, denied by security policy
upvoted 2 times
...
Andromeda1800
1 year, 4 months ago
Selected Answer: C
Correct is C Not-Applicable.
upvoted 1 times
...
brian7857ffs45
1 year, 5 months ago
This question was on the exam. Nov 2023
upvoted 3 times
...
HaillyHops
1 year, 9 months ago
It's C. C = not-applicable = Port not allowed by the Security Policy: because the Session End Reason is policy-deny. B = incomplete = No data packets seen subsequent to session initiation: B would've been the correct answer if the Session End Reason was aged-out.
upvoted 4 times
...
sov4
1 year, 9 months ago
Selected Answer: C
I would say C. Traffic didn't match any other policies and so landed at the implicit "deny all" policy. If it's deny all, the traffic was dropped before the application could be determined. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
upvoted 1 times
sov4
1 year, 9 months ago
Correction: it wasn't an implicit deny all, but it was a deny all rule, which would have the same impact on the packet. Answer imo still C.
upvoted 1 times
...
...
Knowledge33
1 year, 10 months ago
Selected Answer: C
Action "Deny" Then "not-applicable". https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClspCAC
upvoted 1 times
...
procheeseburger
1 year, 10 months ago
Selected Answer: C
C, Traffic hit the deny vwire policy.
upvoted 1 times
...
[Removed]
1 year, 10 months ago
C Could be not-applicable as this traffic was dropped: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClspCAC
upvoted 2 times
...
BryanSalazar
1 year, 11 months ago
I would say the right option is C: Not-applicable means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service
upvoted 1 times
...
mercysayno765
1 year, 11 months ago
I think this might be B, but I'm not sure. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
upvoted 1 times
lildevil
1 year, 10 months ago
I like B because it's only one packet. If it was tcp-unknown you would have had at least the 3 way handshake.
upvoted 2 times
...
PaloSteve
1 year, 9 months ago
From this article: Incomplete means that either the three-way TCP handshake did not complete OR the three-way TCP handshake did complete but there was not enough data after the handshake to identify the application. Insufficient data means not enough data to identify the application. Unknown-tcp means the firewall captured the three-way TCP handshake, but the application was not identified. Not-applicable means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service. The answer is C - Not-applicable.
upvoted 2 times
...
...