Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← App-ID and Content-ID practice sets

PCNSA App-ID and Content-ID • Complete Question Bank

PCNSA App-ID and Content-ID — All Questions With Answers

Complete PCNSA App-ID and Content-ID question bank — all 0 questions with answers and detailed explanations.

60
Questions
Free
No signup
Certifications/PCNSA/Practice Test/App-ID and Content-ID/All Questions
Question 1mediummultiple choice
Read the full App-ID and Content-ID explanation →

A company uses App-ID to control cloud storage applications. Users report that uploads to Google Drive are blocked even though a rule allows 'google-drive-base'. What is the most likely cause?

Question 2hardmultiple choice
Read the full App-ID and Content-ID explanation →

A security team notices that custom application 'myapp' is not being identified by App-ID even though the correct application override is in place. What should they verify first?

Question 3easymultiple choice
Read the full App-ID and Content-ID explanation →

A security administrator wants to block all traffic using the BitTorrent protocol regardless of port. Which method should they use?

Question 4hardmultiple choice
Read the full App-ID and Content-ID explanation →

After a security policy change, users complain that they cannot upload files to a custom web application. The rule allows the custom application 'webapp' and Content-ID is enabled. What is the most likely cause?

Question 5mediummultiple choice
Read the full App-ID and Content-ID explanation →

A security engineer is troubleshooting why YouTube video streaming is not being identified as 'youtube-streaming' but instead as 'youtube-base'. What could be the reason?

Question 6easymultiple choice
Read the full App-ID and Content-ID explanation →

What is the primary benefit of using Content-ID in a security policy?

Question 7hardmultiple choice
Read the full App-ID and Content-ID explanation →

An organization uses App-ID to allow 'web-browsing' but notices that some web traffic is being blocked. The traffic is HTTP over port 8080. What is a likely cause?

Question 8easymulti select
Read the full App-ID and Content-ID explanation →

Which two components are part of Content-ID? (Choose two.)

Question 9mediummulti select
Read the full App-ID and Content-ID explanation →

Which TWO of the following are true about App-ID? (Choose two.)

Question 10hardmulti select
Read the full App-ID and Content-ID explanation →

Which THREE factors should be considered when troubleshooting App-ID misidentification? (Choose three.)

Question 11easymulti select
Read the full App-ID and Content-ID explanation →

Which TWO are capabilities of Content-ID? (Choose two.)

Question 12mediummultiple choice
Read the full App-ID and Content-ID explanation →

What is the most likely reason the traffic is being denied?

Exhibit

Refer to the exhibit.

Application Command Center
Name: myapp
Category: business-systems
Subcategory: file-sharing
Technology: peer-to-peer
Risk: 4
Characteristics: evasive-behavior, used-by-malware, excessive-bandwidth

Security Policy Rule:
Source: any
Destination: any
Application: myapp
Action: allow
Profile: default

Logs show traffic matching this rule is being denied with action 'reset-both'.
Question 13mediummultiple choice
Read the full App-ID and Content-ID explanation →

A medium-sized enterprise has deployed a Palo Alto Networks firewall in a branch office. They use App-ID to control access to cloud applications. Recently, they migrated from on-premises Exchange to Office 365. They have a security rule that allows 'office365-base' for all users. However, users report that they cannot access their Office 365 email via Outlook client, although web access works fine. The firewall logs show that the traffic is being allowed as 'office365-base' but no other Office 365 sub-applications are seen. The IT team suspects that App-ID is not fully identifying the Outlook client traffic. What should they do to resolve this issue?

Question 14hardmultiple choice
Read the full App-ID and Content-ID explanation →

A global company uses a Palo Alto Networks firewall at its headquarters. They have a security policy that allows 'web-browsing' and 'ssl' for all users. Recently, they deployed a new custom web application for internal use that runs on TCP port 8443 with SSL. The application is not identified by App-ID as 'web-browsing' or 'ssl', but as 'unknown-tcp'. The security team wants to ensure that only this specific application is allowed, and all other unknown traffic is blocked. They have created a custom App-ID for the application using application override. However, after applying the override, the traffic is still shown as 'unknown-tcp' in logs. What is the most likely reason?

Question 15mediumdrag order
Read the full App-ID and Content-ID explanation →

Drag and drop the steps to configure a URL filtering profile on a Palo Alto Networks firewall into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 16mediummatching
Read the full App-ID and Content-ID explanation →

Match each security zone type to its characteristic.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

External, low trust zone

Internal, high trust zone

Public-facing servers, medium trust

Transparent zone for inline deployments

Question 17easymultiple choice
Read the full App-ID and Content-ID explanation →

A security administrator notices that traffic from a custom application is being incorrectly identified as web-browsing. What is the most likely cause?

Question 18easymultiple choice
Read the full App-ID and Content-ID explanation →

A company wants to block file uploads of PDFs to the internet via HTTP. Which Content-ID profile should be configured?

Question 19easymultiple choice
Read the full NAT/PAT explanation →

Which Content-ID feature can be used to prevent data loss by blocking specific patterns in traffic?

Question 20mediummultiple choice
Read the full App-ID and Content-ID explanation →

Which of the following is a prerequisite for App-ID to identify applications in encrypted traffic?

Question 21mediummultiple choice
Read the full App-ID and Content-ID explanation →

A company has a security policy that allows 'ssl' application but does not have SSL decryption enabled. What can App-ID still identify from the encrypted session?

Question 22mediummultiple choice
Read the full App-ID and Content-ID explanation →

A user reports that they are unable to download executable files from the internet. The firewall security rule allows the application. What should the administrator check first?

Question 23hardmultiple choice
Read the full App-ID and Content-ID explanation →

An administrator is troubleshooting why an application is being identified as 'incomplete' in the traffic log. What does this indicate?

Question 24hardmultiple choice
Read the full NAT/PAT explanation →

An administrator configures a custom App-ID signature using a packet buffer override. What is the implication?

Question 25hardmultiple choice
Read the full App-ID and Content-ID explanation →

During an App-ID upgrade, some applications are no longer identified correctly. What is the most likely cause?

Question 26mediummulti select
Read the full NAT/PAT explanation →

Which TWO methods can be used to create a custom App-ID signature?

Question 27easymulti select
Read the full App-ID and Content-ID explanation →

Which THREE Content-ID components typically require a separate license or subscription?

Question 28hardmulti select
Read the full App-ID and Content-ID explanation →

Which TWO are required for accurate application identification when an application uses non-standard ports?

Question 29easymultiple choice
Read the full App-ID and Content-ID explanation →

Refer to the exhibit. An administrator sees this output and notices that App-ID is not identifying applications. What is the most likely cause?

Exhibit

show system state | match appid
appid status: init
appid version: 8400-XXXX
appid last update: 2023-01-01
Question 30mediummultiple choice
Read the full App-ID and Content-ID explanation →

Refer to the exhibit. An administrator notes that traffic to Facebook is being denied. What is the most likely reason?

Exhibit

security rule configuration:
{
  "name": "rule1",
  "from": ["trust"],
  "to": ["untrust"],
  "source": ["any"],
  "destination": ["any"],
  "application": ["web-browsing", "ssl"],
  "action": "allow"
}
Question 31hardmultiple choice
Read the full App-ID and Content-ID explanation →

Refer to the exhibit. An administrator wants to block all traffic that does not match a specific application (e.g., only allow 'web-browsing'). What should be done?

Exhibit

{
  "rulebase": {
    "security": [
      {
        "name": "allow-all",
        "from": ["trust"],
        "to": ["untrust"],
        "source": ["any"],
        "destination": ["any"],
        "application": ["any"],
        "action": "allow"
      }
    ]
  }
}
Question 32mediummultiple choice
Read the full App-ID and Content-ID explanation →

A network administrator notices that traffic for a custom business application is being incorrectly identified as 'ssl' by the firewall. What is the most efficient way to ensure this application is accurately identified without impacting other SSL traffic?

Question 33hardmultiple choice
Read the full App-ID and Content-ID explanation →

A security engineer wants to block downloading of executable files over HTTP and HTTPS, but allow all other web traffic. Which Content-ID feature should be configured to achieve this granular control?

Question 34easymultiple choice
Read the full App-ID and Content-ID explanation →

A company's security policy must allow Microsoft Teams traffic but deny all other chat applications. Which type of object should be specified in the 'Application' column of the security policy rule?

Question 35hardmultiple choice
Read the full App-ID and Content-ID explanation →

During a security audit, it is discovered that FTP traffic over non-standard ports is bypassing App-ID inspection. What is the most effective method to ensure all FTP traffic is identified, regardless of port?

Question 36mediummultiple choice
Read the full App-ID and Content-ID explanation →

A user reports that they cannot download PDF files from a corporate web application. The security policy has a File Blocking Profile applied to deny 'PDF' files. The web application uses 'ssl' and 'web-browsing' apps. What should the administrator verify first?

Question 37easymultiple choice
Read the full App-ID and Content-ID explanation →

What is the primary benefit of using App-ID in a security policy instead of relying solely on port-based rules?

Question 38hardmultiple choice
Read the full App-ID and Content-ID explanation →

A Palo Alto Networks firewall is configured with a security rule that allows 'web-browsing' and has a URL Filtering Profile to block 'malware' sites. However, users can still access known malware URLs. What is the most likely cause?

Question 39mediummultiple choice
Read the full App-ID and Content-ID explanation →

An administrator wants to block all peer-to-peer file sharing traffic, but must ensure that legitimate business applications like FTP are not affected. Which approach is most effective?

Question 40easymultiple choice
Read the full App-ID and Content-ID explanation →

Which Content-ID feature can be used to prevent credit card numbers from being sent via webmail applications?

Question 41mediummulti select
Read the full App-ID and Content-ID explanation →

Which TWO statements about App-ID are correct? (Choose two.)

Question 42hardmulti select
Read the full App-ID and Content-ID explanation →

Which THREE are valid components of Content-ID? (Choose three.)

Question 43easymulti select
Read the full App-ID and Content-ID explanation →

An administrator needs to block all traffic from a specific application that uses multiple ports. Which TWO methods can achieve this? (Choose two.)

Question 44mediummultiple choice
Read the full App-ID and Content-ID explanation →

Refer to the exhibit. A user on the Trust zone is trying to download a file from an FTP server on the Untrust zone using FTP on TCP port 21. The firewall's security policy is as shown. What will happen?

Exhibit

Refer to the exhibit.

admin@PA-5000> show running security-policy

Rule Name          Source Zone       Dest Zone        Application            Action
-------            -----------      -----------      -----------            ------
Allow-Web          Trust            Untrust          web-browsing           allow
Allow-SSL          Trust            Untrust          ssl                    allow
Block-FTP          Trust            Untrust          ftp                    deny

admin@PA-5000> show app ftp

application ftp
  description: File Transfer Protocol
  ports: tcp/21
  category: file-sharing
  subcategory: file-protocol
  technology: client-server
  risk: 3
  default: yes
Question 45mediummultiple choice
Read the full App-ID and Content-ID explanation →

A security administrator notices that traffic from a custom application is being incorrectly identified as web-browsing. The application uses a proprietary protocol on TCP port 8080. What is the most efficient way to ensure correct identification without disabling App-ID?

Question 46easymultiple choice
Read the full App-ID and Content-ID explanation →

A company wants to block all traffic from the application 'facebook-base' but allow 'facebook-chat'. Which type of security rule is most appropriate?

Question 47hardmultiple choice
Read the full App-ID and Content-ID explanation →

An organization uses a custom ERP system that communicates over TCP port 4444. The firewall's App-ID incorrectly identifies some of the traffic as 'ssl' because the ERP system uses a proprietary encryption wrapper. What is the recommended approach to ensure correct identification?

Question 48mediummultiple choice
Read the full App-ID and Content-ID explanation →

A network administrator observes that a user is able to access a cloud storage application even though a security rule explicitly blocks that application. Other application blocks work correctly. What is the most likely cause?

Question 49easymultiple choice
Read the full App-ID and Content-ID explanation →

Which of the following is a primary benefit of using App-ID in a security policy?

Question 50hardmultiple choice
Read the full App-ID and Content-ID explanation →

During a security audit, it is discovered that some users are bypassing the company's web proxy by using HTTPS to external websites. The firewall is configured to allow 'web-browsing' application. What is the best way to enforce proxy usage for all HTTP/HTTPS traffic?

Question 51mediummultiple choice
Read the full App-ID and Content-ID explanation →

An administrator wants to block upload of files with extension .exe to the application 'box-net'. Which security policy component is most appropriate?

Question 52mediummulti select
Read the full App-ID and Content-ID explanation →

Which TWO statements are true regarding App-ID and Content-ID? (Choose two.)

Question 53hardmulti select
Read the full App-ID and Content-ID explanation →

Which THREE actions are valid when configuring App-ID in a security policy? (Choose three.)

Question 54easymulti select
Read the full App-ID and Content-ID explanation →

Which TWO are methods used by App-ID to identify applications? (Choose two.)

Question 55hardmultiple choice
Read the full App-ID and Content-ID explanation →

Refer to the exhibit. A user reports being unable to connect to a website over HTTPS. The traffic log shows the application as 'incomplete' and the rule 'Block-Unknown-App' is matched. What is the most likely reason the application is 'incomplete'?

Exhibit

Refer to the exhibit.

security-rule show rule-id 1001
  rule-id: 1001
  name: Block-Unknown-App
  from: any
  to: any
  source: any
  destination: any
  application: (none)
  service: application-default
  action: deny
  log-start: yes
  log-end: yes

Traffic log:
  time: 2025-03-15 10:00:00
  src: 10.1.1.10
  dst: 198.51.100.20
  port: 443
  app: incomplete
  rule: Block-Unknown-App
Question 56mediummultiple choice
Read the full NAT/PAT explanation →

A medium-sized enterprise has a Palo Alto Networks firewall in your data center. They have recently deployed a new cloud-based CRM system that uses a proprietary protocol over TCP port 8443. The firewall is configured with App-ID enabled, but traffic to the CRM is being incorrectly identified as 'web-browsing' and 'ssl'. Users are able to access the CRM, but the security team wants to ensure that only authorized users can use this application. They have created a custom App-ID signature based on a unique payload pattern in the first packet. However, after applying the signature and committing, the traffic logs still show the application as 'incomplete' or 'web-browsing'. The firewall is running PAN-OS 10.1. What is the most likely reason the custom App-ID is not working?

Question 57hardmultiple choice
Read the full NAT/PAT explanation →

A large university uses a Palo Alto Networks firewall to secure its network. The security team has implemented a policy to block peer-to-peer (P2P) file sharing applications. They have configured a security rule that denies all applications in the 'peer-to-peer' category. However, they notice that some students are still able to download files using BitTorrent. The traffic logs show the application as 'bittorrent' but the rule does not match. Upon investigation, the rule is applied to the correct zones and includes the peer-to-peer category. The source and destination are any. What is the most likely cause of this issue?

Question 58easymultiple choice
Read the full App-ID and Content-ID explanation →

A small business owner wants to block all social media applications during work hours for employees. The firewall is configured with App-ID and has a security rule that denies the 'social-networking' application category from the internal zone to the internet zone. The rule is placed at the top of the security policy. However, employees are still able to access Facebook and Twitter. The traffic logs show these applications are being allowed by a different rule. The administrator checks the security policy and finds the deny rule for social-networking is present but not matched. What is the most likely reason the deny rule is not being matched?

Question 59mediummultiple choice
Read the full NAT/PAT explanation →

A financial services company uses a Palo Alto Networks firewall to protect its customer data. They have a requirement to block all file transfers that contain credit card numbers (PCI compliance). The firewall has Data Filtering profiles configured to detect credit card patterns. However, the security team notices that some file transfers containing credit card numbers are not being blocked. The traffic logs show the applications are identified correctly, and the security rule has the Data Filtering profile attached. The Data Filtering profile is configured with a rule to block 'Credit Card Numbers' with a threshold of 1. What could be the issue?

Question 60mediummultiple choice
Read the full App-ID and Content-ID explanation →

A network security engineer at a large enterprise is troubleshooting an issue where web traffic (HTTP and HTTPS) from the corporate LAN to the internet is being incorrectly classified by the Palo Alto Networks firewall. The firewall is running PAN-OS 10.2. The security policy has an App-ID based rule that allows 'web-browsing' and 'ssl' applications to the internet. However, legitimate web traffic is being blocked by a different rule that denies 'unknown-tcp' traffic. The engineer has verified that the firewall has internet connectivity and that the SSL decryption is not configured. The engineer also confirmed that the application override is not configured for any of the affected IPs. What is the most likely reason for the misclassification, and what action should the engineer take to resolve the issue?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

PCNSA Practice Test 1 — 10 Questions→PCNSA Practice Test 2 — 10 Questions→PCNSA Practice Test 3 — 10 Questions→PCNSA Practice Test 4 — 10 Questions→PCNSA Practice Test 5 — 10 Questions→PCNSA Practice Exam 1 — 20 Questions→PCNSA Practice Exam 2 — 20 Questions→PCNSA Practice Exam 3 — 20 Questions→PCNSA Practice Exam 4 — 20 Questions→Free PCNSA Practice Test 1 — 30 Questions→Free PCNSA Practice Test 2 — 30 Questions→Free PCNSA Practice Test 3 — 30 Questions→PCNSA Practice Questions 1 — 50 Questions→PCNSA Practice Questions 2 — 50 Questions→PCNSA Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Managing ObjectsPolicy Evaluation and ManagementSecuring TrafficCore ConceptsPalo Alto Networks Platforms and ArchitectureDevice Management and ServicesApp-ID and Content-IDDecryption and Monitoring

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All App-ID and Content-ID setsAll App-ID and Content-ID questionsPCNSA Practice Hub