B and C is correct, if we are choosing C custom application then in the security policy we need to choose Custom Application.

Answer is A and C

https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/app-id/manage-custom-or-unknown-applications

on 3/22 exam

AC, refer to the other replies. Secuity policy will never id anything

security policy doesn't identify apps, app-id does. create a custom app AND/OR use an app override policy to identify the app based on traffic using it. THEN consult the security policy to figure out whether to block or allow the traffic.

A, C correct answer here

A & C are correct. Security policy allows or denies the traffic, doesnt categorise the application. The two ways you can categorise an application is to define a custom App or use Application override policy where you will still need to define the application ports, IP addresses, zones etc. to identify the application. Application override is not recommended however and should only be used as a temporary workaround while the work is going on to define a custom app for the same traffic.

A and C correct

I think 'A' is wrong because..For internal applications and applications for which there is no App-ID, create custom applications to gain layer 7 visibility into traffic. Don’t use Application Override policy because it bypasses layer 7 processing and threat inspection. The use cases for Application Override are unusual situations with SMB or SIP traffic.

-Manage Custom or Unknown Applications Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define a custom timeout. Avoid creating Application Override

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/manage-custom-or-unknown-applications#:~:text=Create%20a%20Custom%20Application%20with%20a%20signature%20and%20attach%20it%20to%20a%20security%20policy%2C%20or%20create%20a%20custom%20application%20and%20define%20a%20custom%20timeout.%20Avoid%20creating%20Application%20Override

Stop inventing people. You don't create a security policy to identify the custom application. Correct options are A and C. I'm a PCNSE engineer since 2017 and PCNSC since 2019.

The following choices are available to handle unknown applications: Create security policies to control unknown applications by unknown TCP, unknown UDP or by a combination of source zone, destination zone, and IP addresses. Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define a custom timeout. Avoid creating Application Override policies because they bypass layer 7 application processing and threat inspection, and use less secure stateful layer 4 inspection instead. Instead, use custom timeouts so that you can control and inspect the application traffic at layer 7.

A and C are correct.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clc6CAC

Answer is A and C