Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Question 17

Decrypted packets from the website https://www.microsoft.com will appear as which application and service within the Traffic log?

web-browsing and 443

SSL and 80

SSL and 443

web-browsing and 80

Correct Answer: C

Decrypted packets from the website https://www.microsoft.com will appear as SSL and 443 in the Traffic log. This is because HTTPS traffic is encrypted using SSL/TLS, which uses port 443. Once the SSL traffic is decrypted, the service will still be identified as occurring on port 443.

Discussion

PachecoOption: A

Made an account just to tell you guys the correct answer is A. Application is first identified as SSL on port 443, then decrypted, then identified as web-browsing on port 443. Application identification changes due to app shift, but the port number doesn't! Correct answer is A.

kerberos

you are correct!

mannyvicOption: C

The answer should be C.... Application - HTTPS = SSL, HTTP = Web Browsing.......Service- SSL=443, Web-Browsing=80

kraut

no, since ssl forward proxy is in place. ssl is getting "decrypted", and traffic is identified as web-browsing. app-id will be ssl initially but *shift*!

kam1967

The exam has changed. I only saw 4-5 questions from this dump on the exam.

renzanjo

Seriously??

Bighize

kam1967 is telling the truth. same thing happened to me.

RJ45TP

Have you seen a good dump anywhere else!?

Breyarg

ffs i just paid to use this as well...... anyone have a valid dump!?!?!? i have my exam next week :(

LaithFraij

what happened with you ?

ElvenkingOption: A

It is definitely "A". Just looked it up on a firewall: show session all filter source 192.168.0.*** -------------------------------------------------------------------------------- ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port]) Vsys Dst[Dport]/Zone (translated IP[Port]) -------------------------------------------------------------------------------- 20714 web-browsing ACTIVE FLOW *NS 192.168.0.***[63325]/abc00/6 (***.***.***.***[35661]) vsys1 104.208.16.90[443]/def00 (104.208.16.90[443]) and looking more closely: show session id 20714 Session 20714 c2s flow: source: 192.168.0.*** [abc00] dst: 104.208.16.90 proto: 6 sport: 63325 dport: 443 ... application : web-browsing ... tracker stage firewall : TCP FIN tracker stage l7proc : proxy timer expired end-reason : tcp-fin

rociohaOption: A

A is the right answer, you can test this using any demo system of pan

MekoOption: A

After being decrypted, the traffic is web-browsing traffic / port 443. Before being decrypted, the traffic is ssl traffic / port 443.

UFanatOption: A

Correct answer: A. After a packet is decrypted we see web browsing in logs.

evdwOption: A

Correct answer : A

vj77Option: A

Please change this answer to A PA changed this after PAN OS 9.0 Ref: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmdLCAS

0d2fdfaOption: A

As mentioned before, application is identified as ssl and then web browsing after decryption.

MarshpillowzOption: A

Answer is A.

woody_Option: A

A, apparently.

firebOption: A

Option A is correct.

William88Option: A

Correct answer is A

datzOption: A

If its decrypted than it will know that APP-ID = Web-Browsing and port 443 - SO A for sure

AbuHussainOption: A

Correct answer is A.

Syn1337Option: A

Correct answer is A.