Which two features does PAN-OSֲ® software use to identify applications? (Choose two.)
Which two features does PAN-OSֲ® software use to identify applications? (Choose two.)
Palo Alto Networks' PAN-OS software uses App-ID technology to identify applications based on their unique properties and transaction characteristics, rather than relying on traditional identifiers such as port numbers. Additionally, it analyzes the application layer payload to identify applications. Therefore, the correct features used to identify applications are transaction characteristics and application layer payload.
Answer: A,D is correct The Palo Alto Networks firewall does not classify traffic by port and protocol; instead it identifies the application based on its unique properties and transaction characteristics using the App-ID technology. Some applications, however, require the firewall to dynamically open pinholes to establish the connection, determine the parameters for the session and negotiate the ports that will be used for the transfer of data; these applications use the application-layer payload to communicate the dynamic TCP or UDP ports on which the application opens data connections. For such applications, the firewall serves as an Application Level Gateway (ALG), and it opens a pinhole for a limited time and for exclusively transferring data or control traffic. The firewall also performs a NAT rewrite of the payload when necessary. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/application-level-gateways#
Correct: A,C "Signatures are then applied to allowed traffic to identify the application based on unique application properties and related [transaction characteristics]. The signature also determines if the application is being used on its [default port or it is using a non-standard port.] If the traffic is allowed by policy, the traffic is then scanned for threats and further analyzed for identifying the application more granularly. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/app-id-overview.html
AD/ App-ID, a patented traffic classification system only available in Palo Alto Networks firewalls, determines what an application is irrespective of port.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/app-id-overview
App-ID, a patented traffic classification system only available in Palo Alto Networks firewalls, determines what an application is irrespective of port, protocol, encryption (SSH or SSL) or any other evasive tactic used by the application. -> notice: "irrespective of port, protocol, encryption" so A+D Details: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/app-id-overview
Palo Alto Networks NGFW can identify app on any port with any session number
A and C
what means transaction characteristics?? Heuristics? why not the port?
My thought on why D instead of C - the 2nd bullet point mentions it'll identify regardless of the port and makes no mention of the port being part if the identification process. The final bullet point is what makes me think it's payload related. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/app-id-overview.html
A,D sounds correct
A and D correct
Answer: A + D