Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 152
An organization has recently migrated its infrastructure and configuration to NGFWs, for which Panorama manages the devices. The organization is coming from a
L2-L4 firewall vendor, but wants to use App-ID while identifying policies that are no longer needed.
Which Panorama tool can help this organization?
Answer options
- A. Test Policy Match
- B. Application Groups
- C. Policy Optimizer
- D. Config Audit
Correct answer: C
Explanation
The correct answer is C, Policy Optimizer, as it analyzes existing policies in conjunction with App-ID to identify and recommend policies that are no longer necessary. Option A, Test Policy Match, is used to test policies against traffic but does not focus on optimization. Option B, Application Groups, is for grouping applications but does not assess policy relevance. Option D, Config Audit, checks for configuration compliance but does not optimize policies.