Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 88
An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are from external users accessing the company's proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats.
Which option would achieve this result?
Answer options
- A. Create a custom App-ID and enable scanning on the advanced tab.
- B. Create an Application Override policy.
- C. Create a custom App-ID and use the "ordered conditions" check box.
- D. Create an Application Override policy and a custom threat signature for the application.
Correct answer: A
Explanation
Option A is correct because creating a custom App-ID allows for the identification of the traffic associated with the accounting application, and enabling scanning ensures that the traffic is monitored for threats. The other options either do not provide the necessary identification of the application traffic or do not include a scanning mechanism, making them less effective for the administrator's goal.