Answer: A,D is correct
The Palo Alto Networks firewall does not classify traffic by port and protocol; instead it identifies the application based on its unique properties and transaction characteristics using the App-ID technology. Some applications, however, require the firewall to dynamically open pinholes to establish the connection, determine the parameters for the session and negotiate the ports that will be used for the transfer of data; these applications use the application-layer payload to communicate the dynamic TCP or UDP ports on which the application opens data connections. For such applications, the firewall serves as an Application Level Gateway (ALG), and it opens a pinhole for a limited time and for exclusively transferring data or control traffic. The firewall also performs a NAT rewrite of the payload when necessary.
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/application-level-gateways#
Correct: A,C
"Signatures are then applied to allowed traffic to identify the application based on unique application properties and related [transaction characteristics]. The signature also determines if the application is being used on its [default port or it is using a non-standard port.] If the traffic is allowed by policy, the traffic is then scanned for threats and further analyzed for identifying the application more granularly.
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/app-id-overview.html
AD/ App-ID, a patented traffic classification system only available in Palo Alto Networks firewalls, determines what an application is irrespective of port.
App-ID, a patented traffic classification system only available in Palo Alto Networks firewalls, determines what an application is irrespective of port, protocol, encryption (SSH or SSL) or any other evasive tactic used by the application.
-> notice: "irrespective of port, protocol, encryption" so A+D
Details: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/app-id-overview
My thought on why D instead of C - the 2nd bullet point mentions it'll identify regardless of the port and makes no mention of the port being part if the identification process. The final bullet point is what makes me think it's payload related.
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/app-id-overview.html
This section is not available anymore. Please use the main Exam Page.PCNSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
LeonSKennedy
Highly Voted 4 years, 3 months agoChiaPet75
Highly Voted 4 years, 4 months agoMarshpillowz
Most Recent 9 months, 2 weeks agonguyendtv50
1 year, 5 months agoDenskyDen
1 year, 9 months agoTAKUM1y
2 years, 1 month agohpbdcb
2 years, 1 month agoUFanat
2 years, 4 months ago1Adrian1
2 years, 7 months agorocioha
3 years, 7 months agoJared28
2 years, 8 months agoMr_Cipher
3 years, 10 months ago