A customer has an application that is being identified as unknown-tcp for one of their custom PostgreSQL database connections.
Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)
To correctly categorize a custom PostgreSQL database application that is being identified as unknown-tcp, you can use an Application Override policy and create a Custom Application. An Application Override policy allows you to specify the traffic characteristics of the custom application, bypassing the default application identification process to ensure the traffic is classified correctly. Creating a Custom Application involves defining specific application signatures and behaviors, allowing precise identification within the firewall's application framework. This approach maintains accurate categorization while providing detailed visibility into the application's traffic characteristics.
B and C are correct. If we are choosing C (custom application), then in the security policy we need to choose Custom Application.
Yep, B and C https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/app-id/manage-custom-or-unknown-applications.html
Disagree - Question is how to correctly categorize the application. Security Policy is how to deal with an unknown app - as in how to allow it despite having no app-id for it. It does not deal with categorizing the app.
B. Security policy to identify the custom application. B is there to identify customer app-ID? As advised, it is custom, so allowing traffic is not the issue, to find out what APP-ID is inside the traffic. Must be A and C.
Answer is A and C
Stop inventing people. You don't create a security policy to identify the custom application. Correct options are A and C. I'm a PCNSE engineer since 2017 and PCNSC since 2019.
https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/app-id/manage-custom-or-unknown-applications
A & C are correct. Security policy allows or denies the traffic; it doesn't categorise the application. The two ways you can categorise an application are to define a custom App or use an Application Override policy, where you will still need to define the application ports, IP addresses, zones etc. to identify the application. Application override is not recommended, however, and should only be used as a temporary workaround while the work is going on to define a custom app for the same traffic.
A and C correct
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/manage-custom-or-unknown-applications#:~:text=Create%20a%20Custom%20Application%20with%20a%20signature%20and%20attach%20it%20to%20a%20security%20policy%2C%20or%20create%20a%20custom%20application%20and%20define%20a%20custom%20timeout.%20Avoid%20creating%20Application%20Override
Correct answer is A & C
A&C are correct. Application Override to bypass the App-ID and the custom application to identify the applications (then the two actions to categorize the application).
"Which two configuration options can be used to correctly categorize": it is about categorization and not the implementation.
on 3/22 exam
AC, refer to the other replies. Security policy will never ID anything.
Security policy doesn't identify apps, App-ID does. Create a custom app AND/OR use an app override policy to identify the app based on traffic using it. THEN consult the security policy to figure out whether to block or allow the traffic.
A, C correct answer here
I think 'A' is wrong because... For internal applications and applications for which there is no App-ID, create custom applications to gain layer 7 visibility into traffic. Don’t use Application Override policy because it bypasses layer 7 processing and threat inspection. The use cases for Application Override are unusual situations with SMB or SIP traffic.
-Manage Custom or Unknown Applications Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define a custom timeout. Avoid creating Application Override
The following choices are available to handle unknown applications: Create security policies to control unknown applications by unknown TCP, unknown UDP or by a combination of source zone, destination zone, and IP addresses. Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define a custom timeout. Avoid creating Application Override policies because they bypass layer 7 application processing and threat inspection, and use less secure stateful layer 4 inspection instead. Instead, use custom timeouts so that you can control and inspect the application traffic at layer 7.