D is Correct There is no application called "encrypted BitTorrent" so "B" is not the correct answer. If the application was just "BitTorrent" then "B" would be correct. "A" would not work either since you would still need to create a Decryption Profile which is not mentioned. "D" is the most complete answer which is to create the Decryption Profile and attach it to the Decryption rule. I found a PaloAlto KB article about blocking Tor traffic using a Decryption Profile that is blocking Unsupported cipher's, expired certificates, etc. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRtCAK

D is the least wrong

D appears to be correct

Most suitable answer is D. The firewall couldnt decrypt the traffic probably because of the use of unsupported ciphers hence the reason in subsequent packets the application is identified as SSL. If the firewall was able to decrypt the traffic, even if it couldnt identify the application it would mark the traffic as web-browsing and not SSL.

Guys, why not A. Seems correct, the FW will leave the bittorrent as bittorrent and block it. Instead of decrypting it. Are we sure the Bittorrent crypto is going to use unsupported ciphers (as that can easily be fixed from the developers)?

Don't love this kind of question. Seems incomplete.

D - correct. You need to fix decryption options, not security policy rule.

answer is D

D is correct

The administrator has created a decryption policy, but bittorrent is slipping past it, only being detected as "ssl", so the admin needs to create a decryption profile to block the evasive behavior, probably bittorrent is using an unsupported cipher, hence the decryption policy failure. D.

I think it is D, App-ID doesn't have Encrypted-Bittorent

D is correct: B is not correct because the reason the two other sessions are showing allowed as SSL is because they are not being decrypted, otherwise they would be recognized as tor/unknown application and not allowed on the security policy rule. The likely reason for this is they are using unsupported ciphers/etc. - so the answer is D. C is not relevant. A is also not correct because the goal is to decrypt the traffic to identify it, so this is the opposite of what is trying to be accomplished.

B is not correct... as "encrypted bittorrent" doesn't exist in app-id. So I should go D...

check https://applipedia.paloaltonetworks.com/ there is no app encrypted bittorrent. other then that the rest is clear so D.

Correct answer is D

D is correct Block sessions that use cipher suites you don’t support. You configure which cipher suites (encryption algorithms) to allow on the SSL Protocol Settings tab. Don’t allow users to connect to sites with weak cipher suites.

I think that correct answer is B.