Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 586

Why would a traffic log list an application as "not-applicable"?

Answer options

• A. There was not enough application data after the TCP connection was established.
• B. The TCP connection terminated without identifying any application data.
• C. The firewall denied the traffic before the application match could be performed.
• D. The application is not a known Palo Alto Networks App-ID.

Correct answer: C

Explanation

The correct answer is C because if the firewall denies the traffic before it can match the application, it will not have enough information to classify it. Options A and B imply the connection was established, and option D pertains to unrecognized applications, which would not specifically cause a 'not-applicable' status.