Palo Alto Networks System Engineer – SASE — Question 83

Which statement describes the data loss prevention (DLP) add-on?

Answer options

• A. It prevents phishing attacks by controlling the sites to which users can submit valid corporate credentials.
• B. It employs automated policy enforcement to allow trusted behavior with a new Device-ID policy construct.
• C. It is a centrally delivered cloud service with unified detection policies that can be embedded in existing control points.
• D. It enables data sharing with third-party tools such as security information and event management (SIEM) systems.

Correct answer: C

Explanation

Option C is correct because it accurately describes the DLP add-on as a centralized cloud service that integrates detection policies. Options A, B, and D do not correctly represent the primary function of DLP, which focuses on data protection rather than preventing phishing, enforcing policies on Device-ID, or data sharing with third-party tools.