Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 473

A firewall engineer has determined that, in an application developed by the company’s internal team, sessions often remain idle for hours before the client and server exchange any data. The application is also currently identified as unknown-tcp by the firewalls. It is determined that because of a high level of trust, the application does not require to be scanned for threats, but it needs to be properly identified in Traffic logs for reporting purposes.

Which solution will take the least time to implement and will ensure the App-ID engine is used to identify the application?

Answer options

• A. Create a custom application with specific timeouts and signatures based on patterns discovered in packet captures.
• B. Access the Palo Alto Networks website and complete the online form to request that a new application be added to App-ID.
• C. Create a custom application with specific timeouts, then create an application override rule and reference the custom application.
• D. Access the Palo Alto Networks website and raise a support request through the Customer Support Portal.

Correct answer: C

Explanation

Option C is the correct choice as it involves creating a custom application and an application override rule, which can be implemented quickly. Options A and B may require more time for development or processing, while D involves submitting a support request, which can also be time-consuming.