Exam PCNSA All Questions

View all questions & answers for the PCNSA exam

Go to Exam

Exam PCNSA topic 1 question 164 discussion

Actual exam question from Palo Alto Networks's PCNSA

Question #: 164
Topic #: 1

[All PCNSA Questions]

DRAG DROP -
Place the steps in the correct packet-processing order of operations.
Select and Place:

Show Suggested Answer

Suggested Answer:

Reference:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0

by markeloff23 at Oct. 9, 2022, 7:35 p.m.

Comments

Submit Cancel

Mouna_cert

Highly Voted 2 years, 1 month ago

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0 1. Zone protection 2. Decryption 3. App-ID 4. Security profile enforcement

upvoted 26 times

blackisok

1 year, 9 months ago

I gree. Best explanation: https://networkinterview.com/packet-flow-in-palo-alto-detailed-explanation/

upvoted 1 times

@blackisok Based on the link you provided this is incorrect. Decryption should be first as it is done in the Tunnel decapsulation of the the Ingress Stage. Zone Protection checks is done in the next Firewall Session Lookup Stage. Then Security Policy, then App-ID. So based on your link it should be 1. Decryption 2. Zone Protection 3. Security Profile 4. App-ID

upvoted 8 times

leini

1 year, 8 months ago

i think this is it too. Security profile should come first before App-ID. If not what App-ID does it know to check if it does not see the profile first.

upvoted 2 times

...

Samurai55_1998_01

Highly Voted 1 year, 11 months ago

I believe that it goes in this order 1.Decryption 2.Zone protection 3.Security profile enforcement 4.App-ID

upvoted 10 times

cert111

1 year, 8 months ago

This seems right to me. Not sure why people are saying Zone protection comes first. The Palo Alto doc says that it's 3.1 - after decryption.

upvoted 1 times

...

Netsan

Most Recent 6 months ago

IPSec/SSL tunnel decryption --> zone protection --> app-id(SSL/SSH) --> SSL/SSH proxy engine --> app-id --> security profile (content inspection )

upvoted 1 times

...

breal

1 year, 1 month ago

This question is confusing as f*ck. It all depends on wether decryption is based on ssl proxy or VPN traffic And wether a session already exists or not. So if this would be adressing a NEW session of SSL Proxy traffic, the order should be 1. Zone protection 2. Decryption 3. App-ID 4. Security profile enforcement

upvoted 2 times

...

Calica

1 year, 2 months ago

Decryption Zone protection App-ID Security profile enforcement

upvoted 2 times

...

dawlims

1 year, 5 months ago

I think it should be Decryption, Zone Protection, App-ID then Security Profile enforcement. See link below. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0

upvoted 2 times

...

nolox

1 year, 10 months ago

1. Zone protection 2. Security profile enforcement 3. Decryption 4. App id

upvoted 1 times

...

khaled_ellaboudy

1 year, 11 months ago

1. Zone protection 2. Decryption 3. App id 4. Security profile enforcement

upvoted 6 times

LetsDiscuss23

1 year, 10 months ago

This is correct

upvoted 1 times

...

Neil_Neo234

2 years, 2 months ago

https://networkinterview.com/packet-flow-in-palo-alto-detailed-explanation/

upvoted 2 times

...

markeloff23

2 years, 3 months ago

Zone Protection Checks TCP State Check Forwarding (based on interface type) NAT Policy Lookup (only L3 & Virt wire) DoS Protection Policy Lookup Security Policy Lookup Session Allocation Firewall Session Fast Path (if packet from existing session) Security Processing Captive Portal Application Identification Content Inspection Forwarding/Egress (includes QoS)

upvoted 5 times

Samurai55_1998_01

1 year, 11 months ago

Where would you say that decryption process is taking place?

upvoted 2 times

Ermbmx2

1 year, 8 months ago

I would say it would have to be taking place first or else the contents of the packet wouldnt be able to be read to determine the remaining Zone/Security/App info.

upvoted 1 times

...