New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks SSE-Engineer Exam - Topic 2 Question 2 Discussion

Actual exam question for Palo Alto Networks's SSE-Engineer exam
Question #: 2
Topic #: 2
[All SSE-Engineer Questions]

A user connected to Prisma Access reports that traffic intermittently is denied after matching a Catch-All Deny rule at the bottom and bypassing HIP-based policies. Refreshing VPN connection restores the access.

What are two reasons for this behavior? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

User mapping learned from sources other than gateway authentication can cause intermittent access issues if it conflicts with the expected user identity used in HIP-based policies. If the firewall is associating the user with an outdated or incorrect mapping, traffic may not match the intended security policies, leading to denials by the Catch-All Deny rule.

If the firewall loses user mapping due to missed HIP report checks, the user may temporarily lose access to policies that require a valid Host Information Profile (HIP) match. When the VPN connection is refreshed, the HIP check is re-initiated, restoring access until the issue repeats.


by Pete at May 03, 2025, 11:03 PM

Limited Time Offer

25%

Off

Get Premium SSE-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Herman
2 months ago
B seems unlikely, user mapping should come from the gateway, right?
upvoted 0 times
...
Latonia
2 months ago
A needs to be checked too, can't overlook HIP data collection.
upvoted 0 times
...
Bettina
3 months ago
Totally agree, missed HIP checks can mess things up!
upvoted 0 times
...
Rebbecca
3 months ago
Wait, is it really possible for user mapping to just disappear?
upvoted 0 times
...
Cristina
3 months ago
I think C is a solid reason for this issue.
upvoted 0 times
...
Malcom
3 months ago
I wonder if the timing of the HIP policy could affect access. Option D sounds plausible, but I need to double-check my notes.
upvoted 0 times
...
Catalina
4 months ago
I'm a bit confused about the user mapping part. I feel like option B might be relevant, but I can't recall the specifics.
upvoted 0 times
...
Jaclyn
4 months ago
I think I saw a similar question in our practice tests where enabling HIP data was important. Could option A be the answer?
upvoted 0 times
...
Katie
4 months ago
I remember something about HIP reports being crucial for user mapping, so maybe option C is right? But I'm not entirely sure.
upvoted 0 times
...
Norah
4 months ago
I've got a good feeling about this one. The intermittent nature of the issue and the fact that refreshing the VPN connection fixes it points to a problem with the user mapping or HIP data collection. I'm going to go with options A and C as the most probable reasons for this behavior.
upvoted 0 times
...
Trina
4 months ago
Okay, let's see. The issue is that traffic is being denied after matching the Catch-All Deny rule, but refreshing the VPN connection restores access. That makes me think it's related to the HIP-based policies somehow. I'm leaning towards options C and B as the most likely culprits.
upvoted 0 times
...
Stanford
5 months ago
Hmm, this seems like a tricky one. I'm not super familiar with Prisma Access and how the HIP-based policies function, so I'll need to think this through carefully. Maybe I can eliminate some of the options that don't seem quite right.
upvoted 0 times
...
Ling
5 months ago
I think the key here is understanding how HIP-based policies work and how they interact with the Catch-All Deny rule. The question is asking for two reasons, so I'll need to carefully consider the options and choose the two that best explain the intermittent traffic denial.
upvoted 0 times
...
Sage
8 months ago
I think the correct reasons are A) and C). The firewall losing user mapping could definitely cause intermittent denial of traffic.
upvoted 0 times
...
Teri
8 months ago
I believe the issue might be related to B) User mapping learned from sources other than gateway authentication.
upvoted 0 times
...
Raina
9 months ago
Ooh, this is a tricky one. I'm going to go with B and C. User mapping from other sources and the firewall losing the mapping? That's gotta be it. Although, I have to say, these Prisma Access questions are getting more confusing by the minute.
upvoted 0 times
Loreen
8 months ago
Refreshing the VPN connection seems to be a temporary fix, but addressing the root cause with user mapping and HIP report checks is crucial.
upvoted 0 times
...
Fredric
8 months ago
I agree, those seem like valid reasons. It's important to make sure the user mapping is accurate for proper access.
upvoted 0 times
...
Tijuana
8 months ago
I think you're on the right track with B and C. User mapping from other sources and the firewall losing mapping could definitely cause this issue.
upvoted 0 times
...
...
Elizabeth
9 months ago
I agree with Lacresha, but I also think C) Firewall loses user mapping due to missed HIP report checks.
upvoted 0 times
...
Lacresha
9 months ago
I think the reason could be A) 'Collect HIP data' needs to be enabled.
upvoted 0 times
...
Viola
9 months ago
I'm going with C and D. Losing the user mapping and having a time-limited HIP policy? Sounds like a recipe for frustration. I bet the person reporting this issue is ready to throw their laptop out the window.
upvoted 0 times
Nguyet
8 months ago
Yeah, having a time-limited HIP policy can be frustrating for users.
upvoted 0 times
...
Tiara
8 months ago
I agree, losing user mapping can definitely cause issues.
upvoted 0 times
...
Stanford
9 months ago
Refreshing the VPN connection seems to be a temporary fix for now.
upvoted 0 times
...
Iola
9 months ago
Yeah, losing user mapping and having a time-limited policy can definitely cause frustration.
upvoted 0 times
...
Gregoria
9 months ago
I think C and D are the reasons for the issue.
upvoted 0 times
...
...
Salley
10 months ago
I'm leaning towards B and C. User mapping learned from other sources could be causing the problem, and the missed HIP checks definitely sound like a culprit. This is giving me a headache just thinking about it.
upvoted 0 times
Teresita
8 months ago
I agree, those two options seem like they could be causing the issue.
upvoted 0 times
...
Adelaide
8 months ago
C) Firewall loses user mapping due to missed HIP report checks.
upvoted 0 times
...
Lorriane
8 months ago
A) User mapping is learned from sources other than gateway authentication.
upvoted 0 times
...
...
Willodean
10 months ago
Hmm, I think it's gotta be C and D. If the firewall loses the user mapping due to missed HIP checks, and the HIP-enforced policy is only active during certain hours, that would explain the intermittent access issues.
upvoted 0 times
Janey
9 months ago
D) HIP-enforced policy is scheduled for certain hours of the day.
upvoted 0 times
...
Wayne
9 months ago
C) Firewall loses user mapping due to missed HIP report checks.
upvoted 0 times
...
...

Save Cancel