A&D. Yes, you enable Credential detection in an URL Filtering Profile but the question asks how to prevent the "abuse" of already stole credentials. MFA is clear. And you can use DUG to tag users where credentials already have been submitted and block them. Your thoughts?

Correct answers are A and B. URL-F is mandatory to be enabled and MFA helps to ensure user authentication. WF analysis is focused on identifie unknown malware by inspecting files. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/prevent-credential-phishing

See explanation from homersimpson, it is A and B

Correct Answer is A & B "To enable credential phishing prevention, you must configure both User-ID to detect when users submit valid corporate credentials to a site (as opposed to personal credentials) and URL Filtering to specify the URL categories in which you want to prevent users from entering their corporate credentials." https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/prevent-credential-phishing

Same type as Question Q21 https://www.examtopics.com/discussions/palo-alto-networks/view/84155-exam-pse-strata-topic-1-question-21-discussion/

Correct A y B

MFA is clear. Dynamic user groups provide valuable visibility and control over user activity, helping organizations detect and prevent the abuse of stolen credentials in real-time.

AB are correct

A y C correct https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/prevent-credential-phishing

A y C correct