An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the company’s proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats.
Which option would achieve this result?
A . Create a custom App-ID and enable scanning on the advanced tab.
B . Create an Application Override policy.
C . Create a custom App-ID and use the “ordered conditions” check box.
D . Create an Application Override policy and custom threat signature for the application.
Answer: A
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK
Leave a Reply