For traffic that matches the attributes defined in a security policy, you can apply the following actions: DROP Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset is not sent to the host/application. For Layer 3 interfaces, to optionally send an ICMP unreachable response to the client, set Action: Drop and enable the Send ICMP Unreachable check box. When enabled, the firewall sends the ICMP code for communication with the destination is administratively prohibited—ICMPv4: Type 3, Code 13; ICMPv6: Type 1, Code 1.

It's D Reset both= Sends a TCP reset to both the client-side and server-side devices.

It looks like A. D would be valid, if the security policy action will be deny and not drop as mentioned in the question. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClltCAC

guys its D, i just had it in the Practice Exam, may-2023

It will not process the application profile and drop the traffic; A

The correct answer is A

answer id D as on the Palo Alto practice exam link below https://beacon.paloaltonetworks.com/assessment_responses/report/16167409#assessment-response-details

Security policy action comes first. So the action will be drop

"the action is drop" this is stated in the question :) Drop: Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset is not sent to the host/application.

The answer is D https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-policy/security-policy-actions Reset both= Sends a TCP reset to both the client-side and server-side devices.

correct answer is A

The correct answer is D. Reset-both => Sends a TCP reset to both the client-side and server-side devices. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objects-security-profiles-vulnerability-protection

If a policy is set to drop, it will take precedence over the app I’d configuration

Should be A because the comment "and the action is drop" as is not a deny the security policy rule will not fall under the Deny APP default action.

Reset Both For TCP, resets the connection on both the client and server ends. For UDP, drops the connection.