Company.com has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine. Which method should company.com use to immediately address this traffic on a Palo Alto Networks device?
Correct Answer: D
Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define an application override policy.

A custom application allows you to customize the definition of the internal application (its characteristics, category and sub-category, risk, port, timeout) and exercise granular policy control in order to minimize the range of unidentified traffic on your network. Creating a custom application also allows you to correctly identify the application in the ACC and traffic logs and is useful in auditing/reporting on the applications on your network. For a custom application you can specify a signature and a pattern that uniquely identifies the application and attach it to a security policy that allows or denies the application.

Alternatively, if you would like the firewall to process the custom application using fast path (Layer-4 inspection instead of using App-ID for Layer-7 inspection), you can reference the custom application in an application override policy rule. An application override with a custom application will prevent the session from being processed by the App-ID engine, which is a Layer-7 inspection. Instead it forces the firewall to handle the session as a regular stateful inspection firewall at Layer-4, and thereby saves application processing time.

For example, if you build a custom application that triggers on a host header www.mywebsite.com, the packets are first identified as web-browsing and then are matched as your custom application (whose parent application is web-browsing). Because the parent application is web-browsing, the custom application is inspected at Layer-7 and scanned for content and vulnerabilities. If you define an application override, the firewall stops processing at Layer-4. The custom application name is assigned to the session to help identify it in the logs, and the traffic is not scanned for threats.
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/manage-custom-or-unknown-applications.html#id74b58a78-164f-4dc5-aa4e-31ce62f2af0d