Made an account just to tell you guys the correct answer is A. Application is first identified as SSL on port 443, then decrypted, then identified as web-browsing on port 443. Application identification changes due to app shift, but the port number doesn't! Correct answer is A.

The answer should be C.... Application - HTTPS = SSL, HTTP = Web Browsing.......Service- SSL=443, Web-Browsing=80

Answer is A.

A, apparently.

Option A is correct.

After being decrypted, the traffic is web-browsing traffic / port 443. Before being decrypted, the traffic is ssl traffic / port 443.

Correct answer: A. After a packet is decrypted we see web browsing in logs.

Correct answer is A

If its decrypted than it will know that APP-ID = Web-Browsing and port 443 - SO A for sure

It is definitely "A". Just looked it up on a firewall: show session all filter source 192.168.0.*** -------------------------------------------------------------------------------- ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port]) Vsys Dst[Dport]/Zone (translated IP[Port]) -------------------------------------------------------------------------------- 20714 web-browsing ACTIVE FLOW *NS 192.168.0.***[63325]/abc00/6 (***.***.***.***[35661]) vsys1 104.208.16.90[443]/def00 (104.208.16.90[443]) and looking more closely: show session id 20714 Session 20714 c2s flow: source: 192.168.0.*** [abc00] dst: 104.208.16.90 proto: 6 sport: 63325 dport: 443 ... application : web-browsing ... tracker stage firewall : TCP FIN tracker stage l7proc : proxy timer expired end-reason : tcp-fin

Correct answer is A.

Correct answer is A.

The exam has changed. I only saw 4-5 questions from this dump on the exam.

Correct answer : A

Please change this answer to A PA changed this after PAN OS 9.0 Ref: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmdLCAS

A is the right answer, you can test this using any demo system of pan

Definitely A