Exam PCNSE topic 1 question 576 discussion

Referred to articles: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-upgrade/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-mission-critical It should be B and C

The question says, which two additional best-practice guideline actions should be taken with regard to dynamic updates? And zero tolerance for application downtime. Best practice action taken by the engineer is to configure a new App-ID threshold of 48 hours. and do not apply it Select the action "download-only" when configuring an Applications and Threats update schedule.

B,C Coorect

BD are correct

Best practice action taken by the engineer is to configure a new App-ID threshold of 48 hours. The additional best practice actions are B and C

after re reading, A would be true if it said up to 48h, but it says between 24 and 48 hours. So B and C

B and C as per "Best Practices for Content Updates—Mission-Critical".

B and C correct

A is true, but it has already been done and D is not a good practice. Right answers are B and C, as reviewing apps is a good practice as per the link provided by omgt2k2, and C just makes sense.

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-mission-critical#id184AH00L078 Always review the new and modified App-IDs that a content release introduces, in order to assess how the changes might impact your security policy. The following topic describes the options you can use to update your security policy both before and after installing new App-IDs: Manage New and Modified App-IDs.

A&C Security first customer: Should do hourly recurrence for download and install action and set threshold to less than 6 hours. Availability first customer: Should do daily recurrence for download and install action and set threshold in the range 24-48. https://live.paloaltonetworks.com/t5/best-practice-assessment-device/dynamic-updates-new-app-id-threshold/ta-p/338191

OK, I see lots more comments on here, upon 30 min review which takes up time when there is 580 ish questions! I think it's also B, C Def not D and A is for: Schedule content updates so that they download-and-install automatically. Then, set a Threshold that determines the amount of time the firewall waits before installing the latest content. In a mission-critical network, schedule up to a 48 hour threshold. So really it's probably A, B, C but since only 2 choices, B, C for General Best Practice and A for Security First approach.

BD are correct. C is a good to have but given it only mentions certain categories and question specifically said zero tolerance for app downtime it will not be the best option. Application Availability: The goal of Application Availability is to ensure that changes are implemented only after an administrator has assessed any potential impact. Updates to the application signatures are not installed until manually done so. However, this task delays the process of updating signatures. But for certain environments, Application Availability is a requirement. (Taken from Palo training course on best practices for App-ID and Threat Updates.)

A doesn't help with the question B you should definitely do anyways thats a given C is best practice per palo D makes no sense So it's obviously BC

To minimize application downtime, answer is A and C. Install the content update up to 48h and create the app filter to allow always new apps of a specific category. Reviewing Apps is a good practice before installing the update not after.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBDbCAO&lang=en_US%E2%80%A9

Has to be AC, see link below from 90fa8d0.