Palo Alto Networks Exam SSE-Engineer Topic 2 Question 2 Discussion

Actual exam question for Palo Alto Networks's SSE-Engineer exam

Question #: 2
Topic #: 2

A user connected to Prisma Access reports that traffic intermittently is denied after matching a Catch-All Deny rule at the bottom and bypassing HIP-based policies. Refreshing VPN connection restores the access.

What are two reasons for this behavior? (Choose two.)

A'Collect HIP data' needs to be enabled in the configuration.

BUser mapping is learned from sources other than gateway authentication.

CFirewall loses user mapping due to missed HIP report checks.

DHIP-enforced policy is scheduled for certain hours of the day.

Show Suggested Answer

Suggested Answer: B, C

User mapping learned from sources other than gateway authentication can cause intermittent access issues if it conflicts with the expected user identity used in HIP-based policies. If the firewall is associating the user with an outdated or incorrect mapping, traffic may not match the intended security policies, leading to denials by the Catch-All Deny rule.

If the firewall loses user mapping due to missed HIP report checks, the user may temporarily lose access to policies that require a valid Host Information Profile (HIP) match. When the VPN connection is refreshed, the HIP check is re-initiated, restoring access until the issue repeats.

by Pete at May 03, 2025, 11:03 PM

Limited Time Offer

25%

Off

Get Premium SSE-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Viola

5 days ago

I'm going with C and D. Losing the user mapping and having a time-limited HIP policy? Sounds like a recipe for frustration. I bet the person reporting this issue is ready to throw their laptop out the window.

upvoted 0 times

Iola

2 days ago

Yeah, losing user mapping and having a time-limited policy can definitely cause frustration.

upvoted 0 times

...

Gregoria

3 days ago

I think C and D are the reasons for the issue.

upvoted 0 times

...

Salley

25 days ago

I'm leaning towards B and C. User mapping learned from other sources could be causing the problem, and the missed HIP checks definitely sound like a culprit. This is giving me a headache just thinking about it.

upvoted 0 times

...

Willodean

1 months ago

Hmm, I think it's gotta be C and D. If the firewall loses the user mapping due to missed HIP checks, and the HIP-enforced policy is only active during certain hours, that would explain the intermittent access issues.

upvoted 0 times

...