Q: 7
What are the two main reasons a custom application is created? (Choose two.)
Options
Discussion
A and D for sure. You create a custom app to spot your own internal stuff in the traffic logs, plus it helps get rid of all the unknown traffic entries that App-ID can't figure out. Pretty standard use case from what I've seen, but open if anyone's got another take.
Isn't B also valid if you want to adjust how an application is classified? Custom apps could be used for recategorizing, not just identifying internal stuff or reducing unknowns. Or am I missing something about default PAN behavior?
A and D make sense here. Custom apps in PAN firewalls are really about making sure you can identify internal apps that App-ID doesn't recognize (A), plus cutting down on unknown traffic entries in the logs (D). B is more about app categorization, not the main use. Pretty sure this is right, but happy to discuss if anyone disagrees.
D imo. If App-ID already knows the app but logs it as "unknown," you'd make a custom app to ID it properly. Not actually about recategorizing built-ins, it's about that edge case where standard signatures fail.
Don't think B is right here. The real purpose of custom applications in PAN-OS is to properly identify internal or proprietary traffic (that's A), and also to cut down on all the unknown-tcp/udp noise (that's D). B looks like a trap since recategorizing isn't the main use case. Anyone else see it this way?
Probably A and D. Custom apps are key for spotting internal or proprietary traffic that default signatures miss, plus they help classify those unknown-tcp/udp logs so you're not blind to what’s on the wire. B and C might sound useful, but they aren't the main drivers for building a custom app in PAN-OS. Let me know if you see it differently.
A and B
A B imo. PAN-OS mainly supports SSL Forward Proxy and SSL Inbound Inspection for decryption, not GRE or SSH proxy here. D is a common trap since SSH Proxy is not decryption in this context. Happened on similar practice sets.
Is the question specifically asking for SSL/TLS decryption or any type of encrypted traffic? If it includes SSH, that might change which options are correct.
Be respectful. No spam.
