Q: 2
A user connected to Prisma Access reports that traffic is intermittently denied because it matches the Catch-All Deny rule at the bottom of the policy instead of the HIP-based rules above it. Refreshing the VPN connection restores access.
What are two reasons for this behavior? (Choose two.)
Options
Discussion
B and C imo. User mapping from non-gateway sources can get stale, so the firewall loses track or has conflicting identity data. Also, missed HIP checks cause mapping loss until VPN reconnect triggers a new one. No time-based clue in the scenario, so I'd skip D. Pretty confident but open if anyone sees it differently.
D tbh, if the policy is only enforced during set hours and the user tries during that window, it could easily match the described issue.
C is right, not A. Official admin guide and lab practice walk through these HIP mapping issues if you want more detail.
Yeah, B and C are what make sense for this. Mapping learned from somewhere else or missing HIP checks can break identity-based access, which lines up with the random denies until reconnect. Not 100% but I don’t see how D is right.
B and C tbh, since nothing in the scenario mentions specific hours so D feels off. B/C both tie directly to user mapping and HIP check issues which match the symptoms. Could be missing something but pretty sure about this.
B and C imo. Had something like this in a mock, intermittent denies usually point to user mapping issues or missed HIP reports from the firewall. Refreshing the VPN makes sense in that context. Anyone disagree?
D is a stretch, C and B fit the VPN refresh/reset symptom way better here.
Why assume D when the scenario never says anything about time-based policies? The key is that re-auth or reconnect fixes it, which would point more to something transient like user mapping or HIP state. I'd focus on what changes when the VPN is refreshed, not just the policy schedule.
Option B and C here. D is tempting but the question doesn't mention any time-based condition, so that's a trap. Similar question on a practice set pointed to user mapping and HIP check failures as main causes.
B and C imo. User mapping getting out of sync or missed HIP reporting both mess with access control here, fits the intermittent issue. D would only work if timing was mentioned, which isn't the case. Could be missing something but this lines up.
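To make the reasoning in this thread concrete, here is an added example (constructed for this discussion, not code from the thread, from Prisma Access or from Palo Alto Networks): a small first-match policy model in which an allow rule requires both a known user and a fresh HIP match, and everything else falls through to a catch-all deny. It shows the two mechanisms people point to above: transient state (the HIP report or the IP-to-user mapping) ageing out between reconnects, and a non-gateway source overwriting the mapping with a different user. The rule names, timeouts, IP address, usernames and the "syslog" source are all assumptions; real timeout values and mapping precedence are product configuration, not what this model encodes.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class UserMapping:
    user: str
    source: str        # "gateway" = learned from the GlobalProtect gateway; anything else is non-gateway
    learned_at: float
    ttl: float         # seconds until the mapping expires (assumed value, not a product default)


@dataclass
class HipReport:
    profiles: frozenset
    reported_at: float


@dataclass
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    user: Optional[str] = None         # None = any user
    hip_profile: Optional[str] = None  # None = no HIP requirement


class PolicyEngine:
    """Top-down first-match evaluation with identity and HIP criteria (constructed model)."""

    def __init__(self, rules, hip_ttl=1800.0):
        self.rules = rules
        self.hip_ttl = hip_ttl   # how long a HIP report is considered current (assumed)
        self.ip_user = {}        # ip -> UserMapping
        self.hip = {}            # ip -> HipReport

    def learn_user(self, ip, user, source, now, ttl=2700.0):
        # Any source can overwrite the entry for an IP, so a later, lower-quality
        # source (e.g. a shared-IP syslog feed) can replace the gateway's mapping.
        self.ip_user[ip] = UserMapping(user, source, now, ttl)

    def hip_report(self, ip, profiles, now):
        self.hip[ip] = HipReport(frozenset(profiles), now)

    def gp_connect(self, ip, user, profiles, now):
        # A (re)connect refreshes both pieces of transient state at once,
        # which is why a VPN refresh "fixes" the symptom.
        self.learn_user(ip, user, "gateway", now)
        self.hip_report(ip, profiles, now)

    def current_user(self, ip, now):
        m = self.ip_user.get(ip)
        if m is None or now - m.learned_at >= m.ttl:
            return None            # unknown user: identity-based rules cannot match
        return m.user

    def hip_matches(self, ip, profile, now):
        r = self.hip.get(ip)
        if r is None or now - r.reported_at >= self.hip_ttl:
            return False           # missing or stale report: HIP-based rules cannot match
        return profile in r.profiles

    def evaluate(self, ip, now):
        user = self.current_user(ip, now)
        for rule in self.rules:
            if rule.user is not None and user != rule.user:
                continue
            if rule.hip_profile is not None and not self.hip_matches(ip, rule.hip_profile, now):
                continue
            return rule.name
        raise RuntimeError("no rule matched")


RULES = [
    Rule("allow-corp-compliant", "allow", user="alice", hip_profile="managed-endpoint"),
    Rule("catch-all-deny", "deny"),
]


def scenario_stale_state():
    """HIP report ages out while the session stays up -> catch-all deny until reconnect."""
    fw = PolicyEngine(RULES, hip_ttl=1800.0)
    ip = "10.10.0.5"                                   # constructed client address
    fw.gp_connect(ip, "alice", {"managed-endpoint"}, now=0.0)
    trace = [("t=0", fw.evaluate(ip, 0.0)), ("t=1000", fw.evaluate(ip, 1000.0))]
    trace.append(("t=2000", fw.evaluate(ip, 2000.0)))  # HIP report older than hip_ttl
    fw.gp_connect(ip, "alice", {"managed-endpoint"}, now=2100.0)  # user refreshes the VPN
    trace.append(("t=2100", fw.evaluate(ip, 2100.0)))
    return trace


def scenario_conflicting_source():
    """A non-gateway source overwrites the IP->user mapping with another identity."""
    fw = PolicyEngine(RULES)
    ip = "10.10.0.5"
    fw.gp_connect(ip, "alice", {"managed-endpoint"}, now=0.0)
    before = fw.evaluate(ip, 10.0)
    fw.learn_user(ip, "svc-backup", "syslog", now=20.0)  # constructed: another source claims the same IP
    during = fw.evaluate(ip, 30.0)
    fw.gp_connect(ip, "alice", {"managed-endpoint"}, now=40.0)
    after = fw.evaluate(ip, 50.0)
    return before, during, after


if __name__ == "__main__":
    print(scenario_stale_state())
    print(scenario_conflicting_source())
```

The useful check when troubleshooting the real thing is the same as in the model: at the moment of a deny, look at what the firewall currently believes about that source IP (which user, from which source, and whether a current HIP report exists) rather than at the rule that was hit, since the catch-all is only the symptom.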