With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?
The correct answer is 'not-applicable.' This is because the session end reason is 'policy-deny,' indicating that the traffic was dropped by a security policy before an application could be identified. 'Not-applicable' means that the Palo Alto device discarded the data because the port or service was not allowed, or no policy permitted that port or service.
It's C. C = not-applicable = Port not allowed by the Security Policy: because the Session End Reason is policy-deny. B = incomplete = No data packets seen subsequent to session initiation: B would've been the correct answer if the Session End Reason was aged-out.
This question was on the exam. Nov 2023
C Could be not-applicable as this traffic was dropped: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClspCAC
not-applicable, denied by security policy
I think this might be B, but I'm not sure. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
I like B because it's only one packet. If it was tcp-unknown you would have had at least the 3-way handshake.
From this article: Incomplete means that either the three-way TCP handshake did not complete OR the three-way TCP handshake did complete but there was not enough data after the handshake to identify the application. Insufficient data means not enough data to identify the application. Unknown-tcp means the firewall captured the three-way TCP handshake, but the application was not identified. Not-applicable means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service. The answer is C - Not-applicable.
I would say the right option is C: Not-applicable means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service
C, Traffic hit the deny vwire policy.
Action "Deny" Then "not-applicable". https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClspCAC
I would say C. Traffic didn't match any other policies and so landed at the implicit "deny all" policy. If it's deny all, the traffic was dropped before the application could be determined. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
Correction: it wasn't an implicit deny all, but it was a deny all rule, which would have the same impact on the packet. Answer imo still C.
Correct is C Not-Applicable.
C is correct
not-applicable, denied by security policy and "bytes received" = 0