The correct answers are:
A. Updated application content may change how security policy rules are enforced
D. After an application content update, new applications are automatically identified and classified
'B' is not correct as there is no need to do any manual classification of applications.
I agree A & D are correct
As new App-IDs are introduced and delivered to the firewall via weekly updates, dynamic filters are automatically updated for those applications that meet the filter criteria. This helps
minimize administrative effort associated with security policy management.
Source: https://www.paloaltonetworks.com/resources/techbriefs/app-id-tech-brief.html
The answer should be A and B:
"A firewall admin must be careful before they install any App‐ID updates because some applications may have changed since the last App‐ID update (content update). For example, an application that was previously categorized under web‐browsing now may be categorized under its own unique App‐ID. Categorization of applications into more specific applications allows more granularity and control of applications within security policies. Because the new App‐ID no longer will be categorized as web‐browsing, no security policy now will contain this new App‐ID. Consequently, the new App‐ID will be blocked."
A: "Newly-categorized and modified App-IDs can change the way in which the firewall enforces traffic. Review the content update policy to see how new and modified App-IDs impact your Security policy and to easily make any necessary adjustments. You can review the content update policy for both downloaded and installed content."
The answer(s) are A&D. Please look at the following link: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/app-and-threat-content-updates states "As the firewall automatically retrieves and installs the latest application and threat signatures (based on your custom settings), it starts enforcing security policy based on the latest App-IDs and threat protection without any additional configuration." This means B is incorrect and D is correct; further down it states, "Because new App-IDs can change how the security policy enforces traffic..." (this means A is correct and C is not);
Please DON'T take this exam IF you believe that App-ID updates can't break some of Security Policy Rules. The training Palo writes spends a great deal of time explaining how it can! Secondly, stop wishfully thinking everything is automatic. Dependencies must be allowed or denied after they are created. The answer here is clearly A and D.
The correct answers are:
A. Updated application content may change how security policy rules are enforced
D. After an application content update, new applications are automatically identified and classified.
For any manual process in app-id updates, the option disable content update must be done first, then the admin must allow new signatures manually
A & B are correct.
Updated or changed application identifiers MIGHT surely change the way security policy is applied if there's been changes or new additions. (A is correct). Therefore where there are NEW additions to applications and app identifiers, all the new app-IDs MUST be explicitly/manually included correctly in the security policy.(B is correct).
C is wrong.... it's silly to think security policy is not affected by app-id when it's in the app-id profile is used.
D is wrong...lost me at "automatically"
A and D. For people arguing for B, the wording seems to imply that an admin would have to manually classify new applications via application overrides or custom application signatures, which they do not have to do, this is done automatically, it's the whole point of the content update.
A and D
As the firewall automatically retrieves and installs the latest application and threat signatures (based on your custom settings), it starts enforcing security policy based on the latest App-IDs and threat protection without any additional configuration.
Because new App-IDs can change how the security policy enforces traffic, this more limited release of new App-IDs is intended to provide you with a predictable window in which you can prepare and update your security policy.
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/app-and-threat-content-updates
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
rebet
Highly Voted 3 years, 11 months agoPANW
3 years, 8 months agoRedByte
Highly Voted 4 years, 2 months agoRivand
Most Recent 3 months, 4 weeks agoJ0aquin
4 months agoblu_gandalf
8 months, 1 week ago[Removed]
8 months, 3 weeks agoall_nicknames_are_taken
10 months, 3 weeks agoBMRobertson
11 months, 3 weeks agoargyris23
12 months agoAnkitkumar2029
1 year agoyurakoresh
1 year, 6 months agoLordScorpius
1 year, 10 months agoRaimz
1 year, 10 months agoerror_909
1 year, 10 months agoCyril_the_Squirl
2 years, 2 months agovdsdrs
2 years, 1 month agoKane002
2 years, 2 months agoRowdy_47
2 years, 4 months ago