Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 461

A firewall engineer supports a mission-critical network that has zero tolerance for application downtime. A best-practice action taken by the engineer is to configure an Applications and Threats update schedule with a new App-ID threshold of 48 hours.

Which two additional best-practice guideline actions should be taken with regard to dynamic updates? (Choose two.)

Answer options

• A. Configure an Applications and Threats update schedule with a threshold of 24 to 48 hours.
• B. Click "Review Apps" after application updates are installed in order to assess how the changes might impact Security policy.
• C. Create a Security policy rule with an application filter to always allow certain categories of new App-IDs.
• D. Select the action "download-only" when configuring an Applications and Threats update schedule.

Correct answer: B, C

Explanation

Option B is correct because reviewing applications post-update helps ensure that security policies align with any changes made, minimizing risks. Option C is also correct as creating a rule to allow certain categories of new App-IDs ensures that critical applications continue functioning without disruption. Options A and D do not align with the best practices for maintaining security and operational integrity in this context.