A customer has an application that is being identified as unknown-tcp for one of their custom PostgreSQL database connections. Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)
A. Application Override policy.
B. Security policy to identify the custom application.
Disagree - Question is how to correctly categorize the application.
Security Policy is how to deal with an unknown app - as in how to allow it despite having no app-id for it. It does not deal with categorizing the app.
B. Security policy to identify the custom application.
B is there to identify customer app-ID? as advised it is custom so allowing traffic is not issue to find out what APP-ID is inside a Traffic
Must be A and C
Security policy doesn't identify apps, app-id does.
Create a custom app AND/OR use an app override policy to identify the app based on traffic using it. THEN consult the security policy to figure out whether to block or allow the traffic.
A & C are correct. Security policy allows or denies the traffic, doesn't categorise the application. The two ways you can categorise an application is to define a custom App or use Application override policy where you will still need to define the application ports, IP addresses, zones etc. to identify the application. Application override is not recommended however and should only be used as a temporary workaround while the work is going on to define a custom app for the same traffic.
I think 'A' is wrong because... For internal applications and applications for which there is no App-ID, create custom applications to gain layer 7 visibility into traffic. Don’t use Application Override policy because it bypasses layer 7 processing and threat inspection. The use cases for Application Override are unusual situations with SMB or SIP traffic.
-Manage Custom or Unknown Applications
Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define a custom timeout. Avoid creating Application Override
Stop inventing people. You don't create a security policy to identify the custom application. Correct options are A and C. I'm a PCNSE engineer since 2017 and PCNSC since 2019.
The following choices are available to handle unknown applications:
Create security policies to control unknown applications by unknown TCP, unknown UDP or by a combination of source zone, destination zone, and IP addresses.
Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define a custom timeout. Avoid creating Application Override policies because they bypass layer 7 application processing and threat inspection, and use less secure stateful layer 4 inspection instead. Instead, use custom timeouts so that you can control and inspect the application traffic at layer 7.