Exam PCNSE
Question 604

A firewall engineer has determined that, in an application developed by the company’s internal team, sessions often remain idle for hours before the client and server exchange any data. The application is also currently identified as unknown-tcp by the firewalls. It is determined that, because of a high level of trust, the application does not need to be scanned for threats, but it needs to be properly identified in Traffic logs for reporting purposes.

Which solution will take the least time to implement and will ensure the App-ID engine is used to identify the application?

    Correct Answer: A

    Creating a custom application with specific timeouts and signatures based on patterns discovered in packet captures allows the firewall to properly identify the internal application using the App-ID engine. Custom apps can be tailored to the specific behaviors and patterns of the internal application, ensuring correct logging and reporting. This avoids bypassing the App-ID engine and ensures thorough identification without waiting for external support or updates.

Discussion
hcir (Option: A)

A is the answer. If it was a commercial application, B would be the answer. But because it is an internal application, creating a custom app is the way to go.

Thunnu

Why not C?

hcir

A requirement is to be able to properly identify the application in the logs and reporting. With app-override, no application is identified, only TCP or UDP.

Djeep12345

I will go with C

DatITGuyTho1337

Going with C means that the FW will stop using the App-ID engine because of the application override policy rule. A is the answer.

Thunnu

Yes, we don't require the Layer 4 to 7 scans, as the question itself mentioned that it is not required to be scanned for threats.

0d2fdfa (Option: C)

Correct Answer is C.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0

Example Use Scenario: You might ask why we'd ever need to override the normal application identification process. In some cases, customers build their own custom applications to address specific needs unique to the company. For these applications, we may not have signatures to properly identify the expected behavior and identify the traffic with a known application. In such cases, we recommended creating an application override to allow easier identification and reporting, and to prevent confusion.

Reyad789 (Option: A)

The answer is A, because in the question they mentioned that the App-ID process must be performed. Application override policies skip the App-ID process.

rhinogkn24 (Option: C)

When you create a custom app (with no signature) the custom app name referenced in the Sec Policy Rule will also be used to ID the custom app name in the traffic logs. Therefore properly identified per the reporting requirements.

JustWondering (Option: C)

C is the correct answer. It does not say AppID needs to be done. It states that Traffic Logs need to see the application. The question asks about the LEAST time to implement. Answer A requires packet captures.

PacketsDownRange99 (Option: A)

Agree with the rest. A

VenomX51 (Option: A)

"...and will ensure the App-ID engine is used to identify the application" - This requires a signature. If you just create a custom app based on port and protocol, it's not using the App-ID engine to identify the app, and any traffic that matches that same port/protocol/source/destination will be identified as the custom app.

tonykolo (Option: A)

A - Creating a custom app takes less time to implement than waiting for PA to create an app-ID. You don't need an app-override either.

rhinogkn24 (Option: C)

Also C will take "less time" since no packet capture is required.

k3rnelpanicpj (Option: A)

A is correct