Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 570
While analyzing the Traffic log, you see that some entries show "unknown-tcp" in the Application column.
What best explains these occurrences?
Answer options
- A. A handshake did take place, but the application could not be identified.
- B. A handshake took place, but no data packets were sent prior to the timeout.
- C. A handshake did not take place, and the application could not be identified.
- D. A handshake took place; however, there were not enough packets to identify the application.
Correct answer: A
Explanation
The correct answer is A because "unknown-tcp" indicates that the initial handshake was successful, but the specific application could not be determined from the subsequent data. Options B and D suggest issues with data transmission, while C incorrectly states that no handshake occurred, which is inconsistent with the presence of "unknown-tcp".