Palo Alto Networks (PANW) Certified Network Security Administrator (PCNSA) Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the Palo Alto Networks Certified Network Security Administrator Exam with flashcards and multiple choice questions. Each question includes hints and explanations to boost your confidence and readiness!

Practice this question and more.

What is the correct action to take when traffic for an unknown application is detected?

Drop the traffic immediately
Allow the traffic to prevent disruption
Log the event for future analysis
Create an override for the application

The correct answer is: Create an override for the application

When traffic for an unknown application is detected, the appropriate action is to create an override for the application. This action allows the network security administrator to define how to handle this type of traffic in a controlled manner before making a permanent decision. By creating an override, administrators can analyze the application further, assess its nature, and determine whether it should be allowed, monitored, or blocked based on its actual behavior and necessity within the organization. Additionally, creating an override provides the opportunity to apply specific policies or rules temporarily, facilitating a thorough investigation without immediately impacting the network or user experience. This is important for maintaining operational continuity while enhancing security posture. It allows for flexibility in response to new applications while ensuring proper controls can be enforced if necessary. Logging the event for future analysis, allowing the traffic to prevent disruption, or dropping the traffic immediately could lead to either insufficient analysis of potentially harmful applications or unnecessary disruptions to legitimate business processes. Therefore, creating an override stands out as the best approach because it creates a balance between security and operational integrity.