With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?
The correct answer is 'not-applicable.' This is because the session end reason is 'policy-deny,' indicating that the traffic was dropped by a security policy before an application could be identified. 'Not-applicable' means that the Palo Alto device discarded the data because the port or service was not allowed, or no policy permitted that port or service.
This question was on the exam. Nov 2023
It's C. C = not-applicable = Port not allowed by the Security Policy: because the Session End Reason is policy-deny. B = incomplete = No data packets seen subsequent to session initiation: B would've been the correct answer if the Session End Reason was aged-out.
not-applicable, denied by security policy
C Could be not-applicable as this traffic was dropped: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClspCAC
not-applicable, denied by security policy and "bytes received" = 0
C is correct
Correct is C Not-Applicable.
I would say C. Traffic didn't match any other policies and so landed at the implicit "deny all" policy. If it's deny all, the traffic was dropped before the application could be determined. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
Correction: it wasn't an implicit deny all, but it was a deny all rule, which would have the same impact on the packet. Answer imo still C.
Action "Deny" Then "not-applicable". https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClspCAC
C, Traffic hit the deny vwire policy.
I would say the right option is C: Not-applicable means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service.
I think this might be B, but I'm not sure. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
I like B because it's only one packet. If it was tcp-unknown you would have had at least the 3 way handshake.
From this article: Incomplete means that either the three-way TCP handshake did not complete OR the three-way TCP handshake did complete but there was not enough data after the handshake to identify the application. Insufficient data means not enough data to identify the application. Unknown-tcp means the firewall captured the three-way TCP handshake, but the application was not identified. Not-applicable means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service. The answer is C - Not-applicable.