Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Go to Exam

Question 259

Which three statements correctly describe Session 380280? (Choose three.)

The application was initially identified as "ssl."

The session has ended with the end-reason "unknown."

The session cid not go through SSL decryption processing.

The application shifted to "web-browsing."

The session went through SSL decryption processing.

Correct Answer: A, C, D

Session 380280 involves traffic that was initially identified as

Discussion

Shenanigans123Options: ADE

There is a lack of available documentation for this CLI command. I think the answer is ADE Cannot be B because session is still active, hence reason "unknown" I don't think it can be C because "session proxied" is true which I've only seen when SSL Decryption is being performed - regular HTTP traffic does not show this flag

Loloshikovichev

I agree, ADE seems to be correct.

LoloshikovichevOptions: ADE

ADE is correct. Session is still active, hence 'unknown' end reason, as mentioned correctly by Shenanigans123.

scallyOptions: BDE

With the destination port being 443 and the application being web-browsing, that means that this was decrypted. The session clearly says it ended as unknown.

Knowledge33

on session id, we always have the end reason field fulfilled. "unknown means there is nothing. In other word, the session is still active. When the session is ended, you have different things such as INIT or other

network_020Options: ADE

Session Proxied : Yes means session is ssl decrypted Before decryption identified as ssl and after decryption identified as web browsing

Bau24Options: ADE

Correct answers: ADE

ansibaiOptions: ADE

I perform this in lab.

WhizdhumOptions: ADE

Answers are A, D, E.

seb_berlinOptions: ADE

Got his question in December 2023 only good two choices to answer. selected D and E as others already stated end-reason "unkown" is misleading look at the state = ACTIVE session table = actual sessions

MetgatzOptions: ADE

ADE is the correct option

procheeseburger

when I had this question, it only asked for 2 things.

PANWOptions: ADE

How do you know from this info that the session was decrypted? You can infer it from the question by a process of elimination, B&C are wrong

sujss

I believe from "Session Proxied : Yes"

wallaka

Port 443 and app web-browsing is a clue as well.

PANW

the sh session command only shows active sessions, can't be B

DenskyDenOptions: ADE

ADE. The fact that the session is still active, it can't be B.

SarbiOptions: ADE

ADE is correct. As the initial traffic is on port 443 and after that application shift occurs and the session is still active.

mz101Options: ADE

Should be ADE. "end reason: unknown" will show for all "ACTIVE" sessions. So B is not correct.

tenebroxOptions: BDE

end session unknow is a valid en reason

TMoose

unknown—This value applies in the following situations: Session terminations that the preceding reasons do not cover (for example, a clear session all command). For logs generated in a PAN-OS release that does not support the session end reason field (releases older than PAN-OS 6.1), the value will be unknown after an upgrade to the current PAN-OS release or after the logs are loaded onto the firewall. In Panorama, logs received from firewalls for which the PAN-OS version does not support session end reasons will have a value of unknown. BDE

Gngogh

The fact is that the session is still in the ACTIVE state, therefore the answer "the session has ended with the end-reason unknown" is not valid, because the session hasn't ended.

Gngogh

When the session ends the state changes to INIT.