An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same NGFW.
The update contains an application that matches the same traffic signatures as the custom application.
Which application should be used to identify traffic traversing the NGFW?
When an administrator creates a custom application containing Layer 7 signatures and an application with similar traffic signatures is later included in an official update, the custom application should be used to identify traffic traversing the NGFW. This is because custom applications take precedence over predefined applications. The custom application is created for specific needs and ensures that the custom requirements and modifications are met. Thus, the custom application should be used for consistent and reliable traffic identification.
Custom applications take precedence over predefined applications when traffic matches both a custom-defined signature and a Palo Alto Networks signature. Accordingly, Traffic logs reflect the custom application name once the new application has been configured. Answer is A
straight from here (bottom of page): https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/about-custom-application-signatures.html Thanks hamshoo
but the question is what SHOULD be used. And the downloaded App should be used for sure
I disagree. If the custom application was created for a specific purpose, the new APP-ID that may happen to also match the custom application could be missing critical additions that have been included in the custom app. For this reason, custom apps should always take precedence over new dynamic apps until the new dynamic apps can be examined to ensure they satisfy all of the requirements that the custom apps satisfies.
Poorly written question. Best practice would be to use the Downloaded application. I think they're asking for which takes precedence so it will be A.
i couldn't agree more
A. https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/about-custom-application-signatures.html
Custom App Sigs DO take precedance over the default downloaded one. But that is not what this question is asking. The questions asks ,"SHOULD you use..." and to that effect no, you should not use the custom application any longer. Instead, use the Palo Alto created App Sig. Answer is C
C - As others stated which *SHOULD* be used. If you want the best possible Content-ID inspections, best protection, you *should* use the app defined by PA themselves.
A I guess another tricky question question is "downloaded" not installed if it was installed probably right answer would be C "downloaded app, but as is not installed I will go for A
it is a tricky question, it ask "Which application should be used" do use the custom app or the PA canned app?
The correct answer is C. Downloaded application. Here's why: App-ID Prioritization: Palo Alto firewalls prioritize official, vendor-provided application signatures (those downloaded in updates) over custom applications. This ensures that the firewall leverages the most up-to-date and reliable application identification mechanisms. Conflict Resolution: When a conflict occurs, the firewall will automatically use the downloaded application, overriding the custom application to avoid potential misidentification. Maintaining Custom Apps: While custom applications are useful for unique traffic not covered by standard applications, it's important to regularly review them against official App-ID updates to avoid conflicts and potential misidentification of traffic.
https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/about-custom-application-signatures Custom applications take precedence over predefined applications when traffic matches both a custom-defined signature and a Palo Alto Networks signature
A, custom apps take precedence over palo app updates
i think correct answer is A
Correct answer is C
I believe the answer is C, as the question says: "What application SHOULD be used", in that case we should use the downloaded app.
"Which application SHOULD be used to identify traffic traversing the NGFW?" is the question. Palo looking for answer C
C. Custom apps take precedence, but the question is saying that PA has released an App-ID for that app, and therefore the custom application should be deleted and the downloaded app should be used instead.
everything what is custom has the highest priority (prcedence)
If you create a custom app and use it in policy then new apps will not take effect as they are not used.