Exam PCNSE topic 1 question 604 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 604
Topic #: 1

A firewall engineer has determined that, in an application developed by the company’s internal team, sessions often remain idle for hours before the client and server exchange any data. The application is also currently identified as unknown-tcp by the firewalls. It is determined that, because of a high level of trust, the application does not need to be scanned for threats, but it needs to be properly identified in Traffic logs for reporting purposes.

Which solution will take the least time to implement and will ensure the App-ID engine is used to identify the application?

  • A. Create a custom application with specific timeouts and signatures based on patterns discovered in packet captures.
  • B. Access the Palo Alto Networks website and complete the online form to request that a new application be added to App-ID.
  • C. Create a custom application with specific timeouts, then create an application override rule and reference the custom application.
  • D. Access the Palo Alto Networks website and raise a support request through the Customer Support Portal.
Suggested Answer: C

Comments

hcir
Highly Voted 1 month ago
A is the answer. If it was a commercial application, B would be the answer. But because it is an internal application, creating a custom app is the way to go.
upvoted 7 times
Thunnu
1 month ago
Why not C?
upvoted 2 times
Djeep12345
1 month ago
I will go with C
upvoted 1 times
DatITGuyTho1337
4 weeks, 1 day ago
Going with C means that the FW will stop using the App-ID engine because of the application override policy rule. A is the answer.
upvoted 1 times
Thunnu
3 weeks, 5 days ago
Yes, we don't require the layer 4 to 7 scans, as the question itself mentioned it is not required to be scanned for threats.
upvoted 2 times
hcir
1 month ago
A requirement is to be able to properly identify the application in the logs and reporting. With app-override, no application is identified, only TCP or UDP.
upvoted 3 times
PacketsDownRange99
Most Recent 1 week, 1 day ago
Selected Answer: A
Agree with the rest. A
upvoted 1 times
VenomX51
1 week, 1 day ago
Selected Answer: A
"...and will ensure the App-ID engine is used to identify the application" - This requires a signature. If you just create a custom app based on port and protocol, it's not using the App-ID engine to identify the app, and any traffic that matches that same port/protocol/source/destination will be identified as the custom app.
upvoted 1 times
JustWondering
1 week, 6 days ago
Selected Answer: C
C is the correct answer. It does not say AppID needs to be done. It states that Traffic Logs need to see the application. The question asks about the LEAST time to implement. Answer A requires packet captures.
upvoted 1 times
tonykolo
2 weeks, 2 days ago
Selected Answer: A
A - Creating a custom app takes less time to implement than waiting for PA to create an app-ID. You don't need an app-override either.
upvoted 1 times
rhinogkn24
3 weeks, 6 days ago
Also C will take "less time" since no packet capture is required.
upvoted 1 times
rhinogkn24
3 weeks, 6 days ago
Selected Answer: C
When you create a custom app (with no signature) the custom app name referenced in the Sec Policy Rule will also be used to ID the custom app name in the traffic logs. Therefore properly identified per the reporting requirements.
upvoted 1 times
k3rnelpanicpj
4 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
Reyad789
1 month ago
The answer is A, because in the question they mentioned that the App-ID process must be performed. Application override policies skip the App-ID process.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted