ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 280 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 280
Topic #: 1
[All PCNSE Questions]

What are two best practices for incorporating new and modified App-IDs? (Choose two.)

  • A. Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs
  • B. Study the release notes and install new App-IDs if they are determined to have low impact
  • C. Configure a security policy rule to allow new App-IDs that might have network-wide impact
  • D. Perform a Best Practice Assessment to evaluate the impact of the new or modified App-IDs
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
by mysteryzjoker at Sept. 12, 2022, 5:32 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NSO_Blue
2 months, 2 weeks ago
Selected Answer: AB
Why should C be correct? "network wide impact" is always negative characterised. Why should I do this automatically without testing?
upvoted 1 times
TR12345
2 weeks, 5 days ago
if you read that answer statement, and interpret it how I think Palo meant to say it, they are essentially saying to allow new app-id in your security policy rules that might impact your network instead of blocking it.
upvoted 1 times
...
...
ali_sh85
6 months ago
Selected Answer: AB
how C can be a correct answer? Automatically allowing new App-IDs without careful assessment can introduce security risks. It is important to review and test new App-IDs before allowing them in a production environment.
upvoted 4 times
...
Whizdhum
1 year, 1 month ago
Selected Answer: BC
Answers are B, C. Always review Content Release Notes for the list of newly-identified and modified application and threat signatures that the content release introduces. Configure a security policy rule to always allow new App-IDs that might have network-wide impact, like authentication or software development applications.
upvoted 2 times
...
Sammy3637
1 year, 1 month ago
Selected Answer: BC
You can also review Content Release Notes for apps and threats on the Palo Alto Networks Support Portal or directly in the firewall web interface: select Device Dynamic Updates and open the Release Note for a specific content release version.
upvoted 1 times
...
Billyon
1 year, 2 months ago
Selected Answer: BD
upvoted 1 times
...
TAKUM1y
2 years, 1 month ago
Selected Answer: BC
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-upgrade/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-security-first#id184AH00F06E
upvoted 2 times
...
confusion
2 years, 2 months ago
Selected Answer: BC
BC Release notes + Security Policy
upvoted 2 times
...
TAKUM1y
2 years, 2 months ago
Selected Answer: BC
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content-releases/app-id-updates-workflow
upvoted 1 times
...
mysteryzjoker
2 years, 4 months ago
BC https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content-releases/app-id-updates-workflow#id182P00F0FEI
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago