Exam PCNSE All QuestionsBrowse all questions from this exam
Go to Exam
Question 72

An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the company's proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats.

Which option would achieve this result?

    Correct Answer: A

    To identify the proprietary accounting application traffic reliably and scan it for threats, creating a custom App-ID and enabling scanning on the advanced tab is the appropriate solution. This approach ensures that the traffic is recognized specifically as the company’s accounting application and allows for thorough threat scanning. Application Override policies, on the other hand, do not allow for detailed application signatures and may disable higher-layer threat scanning, which is essential for security in this context.

Discussion
trashboatOption: A

A is the correct answer: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/manage-custom-or-unknown-applications.html

hpbdcbOption: A

absolutely A. take note of "reliably identify" here - which excludes B.

ameeeeen

True, it's also said ' to scan this traffic for threats' which exludes B too

MS_NWOption: A

Looks like A https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK

SarbiOption: B

It is B. Once you enable application override it will not go beyound layer 4.

javim

I agree

sujss

Then how would this be accomplished ? "and to scan this traffic for threats."

UFanatOption: A

Application Override policy disables scan for threats

Gngogh

it depends if you choose a parent app or not

MarshpillowzOption: A

A is correct

sov4Option: A

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK

drpccOption: D

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/manage-custom-or-unknown-applications.html "create a custom application and define an application override policy"

Xuzi

D option is not saying "custom" but - Create an Application Override policy. Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define an application override policy https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/manage-custom-or-unknown-applications

datzOption: A

Correct a https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK