Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Question 576

A firewall engineer supports a mission-critical network that has zero tolerance for application downtime. A best-practice action taken by the engineer is to configure an Applications and Threats update schedule with a new App-ID threshold of 48 hours.

Which two additional best-practice guideline actions should be taken with regard to dynamic updates? (Choose two.)

Configure an Applications and Threats update schedule with a threshold of 24 to 48 hours.

Click "Review Apps" after application updates are installed in order to assess how the changes might impact Security policy.

Create a Security policy rule with an application filter to always allow certain categories of new App-IDs.

Select the action "download-only" when configuring an Applications and Threats update schedule.

Correct Answer: B, C

For maintaining zero tolerance for application downtime, two best practice actions are vital. First, clicking 'Review Apps' after application updates helps in assessing how the changes might affect the security policy, ensuring there are no unforeseen negative impacts. Second, creating a Security policy rule with an application filter to always allow certain categories of new App-IDs helps in maintaining continuity by pre-approving new applications that fit specific criteria. This proactive approach helps in minimizing disruptions and ensuring seamless operation.

Discussion

rmorganqOptions: BC

B and C as per "Best Practices for Content Updates—Mission-Critical".

poiuytr

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-upgrade/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-mission-critical

omgt2k2Options: BC

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-mission-critical#id184AH00L078 Always review the new and modified App-IDs that a content release introduces, in order to assess how the changes might impact your security policy. The following topic describes the options you can use to update your security policy both before and after installing new App-IDs: Manage New and Modified App-IDs.

90fa8d0Options: BC

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-mission-critical#id184AH00L078

MtroOptions: BC

Best practice action taken by the engineer is to configure a new App-ID threshold of 48 hours. The additional best practice actions are B and C

hcirOptions: BC

after re reading, A would be true if it said up to 48h, but it says between 24 and 48 hours. So B and C

MarshpillowzOptions: BC

B and C correct

evilCorpBot7494Options: BC

A is true, but it has already been done and D is not a good practice. Right answers are B and C, as reviewing apps is a good practice as per the link provided by omgt2k2, and C just makes sense.

wsdeffwdOptions: AC

A&C Security first customer: Should do hourly recurrence for download and install action and set threshold to less than 6 hours. Availability first customer: Should do daily recurrence for download and install action and set threshold in the range 24-48. https://live.paloaltonetworks.com/t5/best-practice-assessment-device/dynamic-updates-new-app-id-threshold/ta-p/338191

franko_72Options: BC

OK, I see lots more comments on here, upon 30 min review which takes up time when there is 580 ish questions! I think it's also B, C Def not D and A is for: Schedule content updates so that they download-and-install automatically. Then, set a Threshold that determines the amount of time the firewall waits before installing the latest content. In a mission-critical network, schedule up to a 48 hour threshold. So really it's probably A, B, C but since only 2 choices, B, C for General Best Practice and A for Security First approach.

JRKhanOptions: BD

BD are correct. C is a good to have but given it only mentions certain categories and question specifically said zero tolerance for app downtime it will not be the best option. Application Availability: The goal of Application Availability is to ensure that changes are implemented only after an administrator has assessed any potential impact. Updates to the application signatures are not installed until manually done so. However, this task delays the process of updating signatures. But for certain environments, Application Availability is a requirement. (Taken from Palo training course on best practices for App-ID and Threat Updates.)

Yetti254Options: BC

A doesn't help with the question B you should definitely do anyways thats a given C is best practice per palo D makes no sense So it's obviously BC

hcirOptions: AC

To minimize application downtime, answer is A and C. Install the content update up to 48h and create the app filter to allow always new apps of a specific category. Reviewing Apps is a good practice before installing the update not after.

omgt2k2

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBDbCAO&lang=en_US%E2%80%A9

franko_72Options: AC

Has to be AC, see link below from 90fa8d0.

90fa8d0Options: AC

Sorry.. its AC

Morpheus1Options: BC

Answer: B,C Create a security policy rule to always allow certain categories of new App-IDs Click Review Apps in order to assess how the changes might impact your security policy https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-mission-critical#id184AH00L078