U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Palo Alto Networks SSE-Engineer Exam - Topic 2 Question 2 Discussion

A user connected to Prisma Access reports that traffic intermittently is denied after matching a Catch-All Deny rule at the bottom and bypassing HIP-based policies. Refreshing VPN connection restores the access.What are two reasons for this behavior? (Choose two.)
B) User mapping is learned from sources other than gateway authentication. and C) Firewall loses user mapping due to missed HIP report checks.
A) 'Collect HIP data' needs to be enabled in the configuration.
D) HIP-enforced policy is scheduled for certain hours of the day.

Palo Alto Networks SSE-Engineer Exam - Topic 2 Question 2 Discussion

Actual exam question for Palo Alto Networks's SSE-Engineer exam
Question #: 2
Topic #: 2
[All SSE-Engineer Questions]

A user connected to Prisma Access reports that traffic intermittently is denied after matching a Catch-All Deny rule at the bottom and bypassing HIP-based policies. Refreshing VPN connection restores the access.

What are two reasons for this behavior? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

User mapping learned from sources other than gateway authentication can cause intermittent access issues if it conflicts with the expected user identity used in HIP-based policies. If the firewall is associating the user with an outdated or incorrect mapping, traffic may not match the intended security policies, leading to denials by the Catch-All Deny rule.

If the firewall loses user mapping due to missed HIP report checks, the user may temporarily lose access to policies that require a valid Host Information Profile (HIP) match. When the VPN connection is refreshed, the HIP check is re-initiated, restoring access until the issue repeats.


Contribute your Thoughts:

0/2000 characters
Herman
6 months ago
B seems unlikely, user mapping should come from the gateway, right?
upvoted 0 times
...
Latonia
6 months ago
A needs to be checked too, can't overlook HIP data collection.
upvoted 0 times
...
Bettina
7 months ago
Totally agree, missed HIP checks can mess things up!
upvoted 0 times
...
Rebbecca
7 months ago
Wait, is it really possible for user mapping to just disappear?
upvoted 0 times
...
Cristina
7 months ago
I think C is a solid reason for this issue.
upvoted 0 times
...
Malcom
7 months ago
I wonder if the timing of the HIP policy could affect access. Option D sounds plausible, but I need to double-check my notes.
upvoted 0 times
...
Catalina
8 months ago
I'm a bit confused about the user mapping part. I feel like option B might be relevant, but I can't recall the specifics.
upvoted 0 times
...
Jaclyn
8 months ago
I think I saw a similar question in our practice tests where enabling HIP data was important. Could option A be the answer?
upvoted 0 times
...
Katie
8 months ago
I remember something about HIP reports being crucial for user mapping, so maybe option C is right? But I'm not entirely sure.
upvoted 0 times
...
Norah
8 months ago
I've got a good feeling about this one. The intermittent nature of the issue and the fact that refreshing the VPN connection fixes it points to a problem with the user mapping or HIP data collection. I'm going to go with options A and C as the most probable reasons for this behavior.
upvoted 0 times
...
Trina
8 months ago
Okay, let's see. The issue is that traffic is being denied after matching the Catch-All Deny rule, but refreshing the VPN connection restores access. That makes me think it's related to the HIP-based policies somehow. I'm leaning towards options C and B as the most likely culprits.
upvoted 0 times
...
Stanford
8 months ago
Hmm, this seems like a tricky one. I'm not super familiar with Prisma Access and how the HIP-based policies function, so I'll need to think this through carefully. Maybe I can eliminate some of the options that don't seem quite right.
upvoted 0 times
...
Ling
9 months ago
I think the key here is understanding how HIP-based policies work and how they interact with the Catch-All Deny rule. The question is asking for two reasons, so I'll need to carefully consider the options and choose the two that best explain the intermittent traffic denial.
upvoted 0 times
...
Sage
1 year ago
I think the correct reasons are A) and C). The firewall losing user mapping could definitely cause intermittent denial of traffic.
upvoted 0 times
...
Teri
1 year ago
I believe the issue might be related to B) User mapping learned from sources other than gateway authentication.
upvoted 0 times
...
Raina
1 year ago
Ooh, this is a tricky one. I'm going to go with B and C. User mapping from other sources and the firewall losing the mapping? That's gotta be it. Although, I have to say, these Prisma Access questions are getting more confusing by the minute.
upvoted 0 times
Loreen
11 months ago
Refreshing the VPN connection seems to be a temporary fix, but addressing the root cause with user mapping and HIP report checks is crucial.
upvoted 0 times
...
Fredric
12 months ago
I agree, those seem like valid reasons. It's important to make sure the user mapping is accurate for proper access.
upvoted 0 times
...
Tijuana
1 year ago
I think you're on the right track with B and C. User mapping from other sources and the firewall losing mapping could definitely cause this issue.
upvoted 0 times
...
...
Elizabeth
1 year ago
I agree with Lacresha, but I also think C) Firewall loses user mapping due to missed HIP report checks.
upvoted 0 times
...
Lacresha
1 year ago
I think the reason could be A) 'Collect HIP data' needs to be enabled.
upvoted 0 times
...
Viola
1 year ago
I'm going with C and D. Losing the user mapping and having a time-limited HIP policy? Sounds like a recipe for frustration. I bet the person reporting this issue is ready to throw their laptop out the window.
upvoted 0 times
Nguyet
1 year ago
Yeah, having a time-limited HIP policy can be frustrating for users.
upvoted 0 times
...
Tiara
1 year ago
I agree, losing user mapping can definitely cause issues.
upvoted 0 times
...
Stanford
1 year ago
Refreshing the VPN connection seems to be a temporary fix for now.
upvoted 0 times
...
Iola
1 year ago
Yeah, losing user mapping and having a time-limited policy can definitely cause frustration.
upvoted 0 times
...
Gregoria
1 year ago
I think C and D are the reasons for the issue.
upvoted 0 times
...
...
Salley
1 year ago
I'm leaning towards B and C. User mapping learned from other sources could be causing the problem, and the missed HIP checks definitely sound like a culprit. This is giving me a headache just thinking about it.
upvoted 0 times
Teresita
1 year ago
I agree, those two options seem like they could be causing the issue.
upvoted 0 times
...
Adelaide
1 year ago
C) Firewall loses user mapping due to missed HIP report checks.
upvoted 0 times
...
Lorriane
1 year ago
A) User mapping is learned from sources other than gateway authentication.
upvoted 0 times
...
...
Willodean
1 year ago
Hmm, I think it's gotta be C and D. If the firewall loses the user mapping due to missed HIP checks, and the HIP-enforced policy is only active during certain hours, that would explain the intermittent access issues.
upvoted 0 times
Janey
1 year ago
D) HIP-enforced policy is scheduled for certain hours of the day.
upvoted 0 times
...
Wayne
1 year ago
C) Firewall loses user mapping due to missed HIP report checks.
upvoted 0 times
...
...

Save Cancel