Palo Alto Networks (PANW) Certified Network Security Administrator (PCNSA) Practice Exam

Prepare for the Palo Alto Networks Certified Network Security Administrator Exam with flashcards and multiple choice questions. Each question includes hints and explanations to boost your confidence and readiness!

What should the SOC engineer do to safely allow known but not yet qualified applications without disrupting remaining traffic policies?

  1. Create Application Override policies

  2. Increase the timeout values for existing policies

  3. Limit outbound traffic only to certain applications

  4. Restrict traffic to the known applications only

The correct answer is: Create Application Override policies

Creating Application Override policies is the appropriate action for a SOC engineer to take in this scenario. Application Override policies enable the identification and control of specific applications that may not yet be fully recognized or classified by the firewall’s application database. By using these policies, the engineer can safely allow traffic from known applications while ensuring that existing security measures remain intact for other types of traffic.

This option is particularly useful for applications that are important to business operations but are still in a state of qualification or are not officially recognized by the system. By implementing Application Override, the SOC engineer can define how these applications are handled without compromising overall network security or disrupting the flow of legitimate traffic governed by existing policies.

The other choices do not address the need to allow specific applications without disrupting traffic policies as effectively. Increasing timeout values for existing policies may help with session persistence but does not address the need to allow certain applications. Limiting outbound traffic to certain applications could restrict necessary traffic flow rather than enabling it. Lastly, restricting traffic to only known applications may block legitimate unknown applications that could potentially be useful or necessary for operations. Hence, Application Override policies provide the most balanced approach to manage traffic while maintaining security.