Practice PCNSA App-ID and Content-ID questions with full explanations on every answer.
Start practicing
App-ID and Content-ID — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A company uses App-ID to control cloud storage applications. Users report that uploads to Google Drive are blocked even though a rule allows 'google-drive-base'. What is the most likely cause?
2A security team notices that custom application 'myapp' is not being identified by App-ID even though the correct application override is in place. What should they verify first?
3A security administrator wants to block all traffic using the BitTorrent protocol regardless of port. Which method should they use?
4After a security policy change, users complain that they cannot upload files to a custom web application. The rule allows the custom application 'webapp' and Content-ID is enabled. What is the most likely cause?
5A security engineer is troubleshooting why YouTube video streaming is not being identified as 'youtube-streaming' but instead as 'youtube-base'. What could be the reason?
6What is the primary benefit of using Content-ID in a security policy?
7An organization uses App-ID to allow 'web-browsing' but notices that some web traffic is being blocked. The traffic is HTTP over port 8080. What is a likely cause?
8Which two components are part of Content-ID? (Choose two.)
9Which TWO of the following are true about App-ID? (Choose two.)
10Which THREE factors should be considered when troubleshooting App-ID misidentification? (Choose three.)
11Which TWO are capabilities of Content-ID? (Choose two.)
12What is the most likely reason the traffic is being denied?
13A medium-sized enterprise has deployed a Palo Alto Networks firewall in a branch office. They use App-ID to control access to cloud applications. Recently, they migrated from on-premises Exchange to Office 365. They have a security rule that allows 'office365-base' for all users. However, users report that they cannot access their Office 365 email via Outlook client, although web access works fine. The firewall logs show that the traffic is being allowed as 'office365-base' but no other Office 365 sub-applications are seen. The IT team suspects that App-ID is not fully identifying the Outlook client traffic. What should they do to resolve this issue?
14A global company uses a Palo Alto Networks firewall at its headquarters. They have a security policy that allows 'web-browsing' and 'ssl' for all users. Recently, they deployed a new custom web application for internal use that runs on TCP port 8443 with SSL. The application is not identified by App-ID as 'web-browsing' or 'ssl', but as 'unknown-tcp'. The security team wants to ensure that only this specific application is allowed, and all other unknown traffic is blocked. They have created a custom App-ID for the application using application override. However, after applying the override, the traffic is still shown as 'unknown-tcp' in logs. What is the most likely reason?
15Drag and drop the steps to configure a URL filtering profile on a Palo Alto Networks firewall into the correct order.
16Match each security zone type to its characteristic.
17A security administrator notices that traffic from a custom application is being incorrectly identified as web-browsing. What is the most likely cause?
18A company wants to block file uploads of PDFs to the internet via HTTP. Which Content-ID profile should be configured?
19Which Content-ID feature can be used to prevent data loss by blocking specific patterns in traffic?
20Which of the following is a prerequisite for App-ID to identify applications in encrypted traffic?
21A company has a security policy that allows 'ssl' application but does not have SSL decryption enabled. What can App-ID still identify from the encrypted session?
22A user reports that they are unable to download executable files from the internet. The firewall security rule allows the application. What should the administrator check first?
23An administrator is troubleshooting why an application is being identified as 'incomplete' in the traffic log. What does this indicate?
24An administrator configures a custom App-ID signature using a packet buffer override. What is the implication?
25During an App-ID upgrade, some applications are no longer identified correctly. What is the most likely cause?
26Which TWO methods can be used to create a custom App-ID signature?
27Which THREE Content-ID components typically require a separate license or subscription?
28Which TWO are required for accurate application identification when an application uses non-standard ports?
29Refer to the exhibit. An administrator sees this output and notices that App-ID is not identifying applications. What is the most likely cause?
30Refer to the exhibit. An administrator notes that traffic to Facebook is being denied. What is the most likely reason?
31Refer to the exhibit. An administrator wants to block all traffic that does not match a specific application (e.g., only allow 'web-browsing'). What should be done?
32A network administrator notices that traffic for a custom business application is being incorrectly identified as 'ssl' by the firewall. What is the most efficient way to ensure this application is accurately identified without impacting other SSL traffic?
33A security engineer wants to block downloading of executable files over HTTP and HTTPS, but allow all other web traffic. Which Content-ID feature should be configured to achieve this granular control?
34A company's security policy must allow Microsoft Teams traffic but deny all other chat applications. Which type of object should be specified in the 'Application' column of the security policy rule?
35During a security audit, it is discovered that FTP traffic over non-standard ports is bypassing App-ID inspection. What is the most effective method to ensure all FTP traffic is identified, regardless of port?
36A user reports that they cannot download PDF files from a corporate web application. The security policy has a File Blocking Profile applied to deny 'PDF' files. The web application uses 'ssl' and 'web-browsing' apps. What should the administrator verify first?
37What is the primary benefit of using App-ID in a security policy instead of relying solely on port-based rules?
38A Palo Alto Networks firewall is configured with a security rule that allows 'web-browsing' and has a URL Filtering Profile to block 'malware' sites. However, users can still access known malware URLs. What is the most likely cause?
39An administrator wants to block all peer-to-peer file sharing traffic, but must ensure that legitimate business applications like FTP are not affected. Which approach is most effective?
40Which Content-ID feature can be used to prevent credit card numbers from being sent via webmail applications?
41Which TWO statements about App-ID are correct? (Choose two.)
42Which THREE are valid components of Content-ID? (Choose three.)
43An administrator needs to block all traffic from a specific application that uses multiple ports. Which TWO methods can achieve this? (Choose two.)
44Refer to the exhibit. A user on the Trust zone is trying to download a file from an FTP server on the Untrust zone using FTP on TCP port 21. The firewall's security policy is as shown. What will happen?
45A security administrator notices that traffic from a custom application is being incorrectly identified as web-browsing. The application uses a proprietary protocol on TCP port 8080. What is the most efficient way to ensure correct identification without disabling App-ID?
46A company wants to block all traffic from the application 'facebook-base' but allow 'facebook-chat'. Which type of security rule is most appropriate?
47An organization uses a custom ERP system that communicates over TCP port 4444. The firewall's App-ID incorrectly identifies some of the traffic as 'ssl' because the ERP system uses a proprietary encryption wrapper. What is the recommended approach to ensure correct identification?
48A network administrator observes that a user is able to access a cloud storage application even though a security rule explicitly blocks that application. Other application blocks work correctly. What is the most likely cause?
49Which of the following is a primary benefit of using App-ID in a security policy?
50During a security audit, it is discovered that some users are bypassing the company's web proxy by using HTTPS to external websites. The firewall is configured to allow 'web-browsing' application. What is the best way to enforce proxy usage for all HTTP/HTTPS traffic?
51An administrator wants to block upload of files with extension .exe to the application 'box-net'. Which security policy component is most appropriate?
52Which TWO statements are true regarding App-ID and Content-ID? (Choose two.)
53Which THREE actions are valid when configuring App-ID in a security policy? (Choose three.)
54Which TWO are methods used by App-ID to identify applications? (Choose two.)
55Refer to the exhibit. A user reports being unable to connect to a website over HTTPS. The traffic log shows the application as 'incomplete' and the rule 'Block-Unknown-App' is matched. What is the most likely reason the application is 'incomplete'?
56A medium-sized enterprise has a Palo Alto Networks firewall in your data center. They have recently deployed a new cloud-based CRM system that uses a proprietary protocol over TCP port 8443. The firewall is configured with App-ID enabled, but traffic to the CRM is being incorrectly identified as 'web-browsing' and 'ssl'. Users are able to access the CRM, but the security team wants to ensure that only authorized users can use this application. They have created a custom App-ID signature based on a unique payload pattern in the first packet. However, after applying the signature and committing, the traffic logs still show the application as 'incomplete' or 'web-browsing'. The firewall is running PAN-OS 10.1. What is the most likely reason the custom App-ID is not working?
57A large university uses a Palo Alto Networks firewall to secure its network. The security team has implemented a policy to block peer-to-peer (P2P) file sharing applications. They have configured a security rule that denies all applications in the 'peer-to-peer' category. However, they notice that some students are still able to download files using BitTorrent. The traffic logs show the application as 'bittorrent' but the rule does not match. Upon investigation, the rule is applied to the correct zones and includes the peer-to-peer category. The source and destination are any. What is the most likely cause of this issue?
58A small business owner wants to block all social media applications during work hours for employees. The firewall is configured with App-ID and has a security rule that denies the 'social-networking' application category from the internal zone to the internet zone. The rule is placed at the top of the security policy. However, employees are still able to access Facebook and Twitter. The traffic logs show these applications are being allowed by a different rule. The administrator checks the security policy and finds the deny rule for social-networking is present but not matched. What is the most likely reason the deny rule is not being matched?
59A financial services company uses a Palo Alto Networks firewall to protect its customer data. They have a requirement to block all file transfers that contain credit card numbers (PCI compliance). The firewall has Data Filtering profiles configured to detect credit card patterns. However, the security team notices that some file transfers containing credit card numbers are not being blocked. The traffic logs show the applications are identified correctly, and the security rule has the Data Filtering profile attached. The Data Filtering profile is configured with a rule to block 'Credit Card Numbers' with a threshold of 1. What could be the issue?
60A network security engineer at a large enterprise is troubleshooting an issue where web traffic (HTTP and HTTPS) from the corporate LAN to the internet is being incorrectly classified by the Palo Alto Networks firewall. The firewall is running PAN-OS 10.2. The security policy has an App-ID based rule that allows 'web-browsing' and 'ssl' applications to the internet. However, legitimate web traffic is being blocked by a different rule that denies 'unknown-tcp' traffic. The engineer has verified that the firewall has internet connectivity and that the SSL decryption is not configured. The engineer also confirmed that the application override is not configured for any of the affected IPs. What is the most likely reason for the misclassification, and what action should the engineer take to resolve the issue?
The App-ID and Content-ID domain covers the key concepts tested in this area of the PCNSA exam blueprint published by Palo Alto Networks. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PCNSA domains — no account required.
The Courseiva PCNSA question bank contains 60 questions in the App-ID and Content-ID domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the App-ID and Content-ID domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included