Palo Alto Networks SSE Engineer — Question 46
A user connected to Prisma Access reports that traffic is intermittently denied: it bypasses the HIP-based policies and matches the Catch-All Deny rule at the bottom of the rulebase. Refreshing the VPN connection restores access.
What are two reasons for this behavior? (Choose two.)
Answer options
- A. “Collect HIP data” needs to be enabled in the configuration.
- B. User mapping is learned from sources other than gateway authentication.
- C. Firewall loses user mapping due to missed HIP report checks.
- D. HIP-enforced policy is scheduled for certain hours of the day.
Correct answer: B, C
Explanation
Option B is correct because user mapping can originate from sources other than gateway authentication. Option C is also correct because the firewall may lose the user mapping if it fails to receive HIP reports, which leads to traffic being denied. Options A and D do not directly address the intermittent connectivity issue described.