Best practice action taken by the engineer is to configure a new App-ID threshold of 48 hours. The additional best practice actions are B and C

after re reading, A would be true if it said up to 48h, but it says between 24 and 48 hours. So B and C

B and C as per "Best Practices for Content Updates—Mission-Critical".

B and C correct

A is true, but it has already been done and D is not a good practice. Right answers are B and C, as reviewing apps is a good practice as per the link provided by omgt2k2, and C just makes sense.

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-mission-critical#id184AH00L078 Always review the new and modified App-IDs that a content release introduces, in order to assess how the changes might impact your security policy. The following topic describes the options you can use to update your security policy both before and after installing new App-IDs: Manage New and Modified App-IDs.

A&C Security first customer: Should do hourly recurrence for download and install action and set threshold to less than 6 hours. Availability first customer: Should do daily recurrence for download and install action and set threshold in the range 24-48. https://live.paloaltonetworks.com/t5/best-practice-assessment-device/dynamic-updates-new-app-id-threshold/ta-p/338191

OK, I see lots more comments on here, upon 30 min review which takes up time when there is 580 ish questions! I think it's also B, C Def not D and A is for: Schedule content updates so that they download-and-install automatically. Then, set a Threshold that determines the amount of time the firewall waits before installing the latest content. In a mission-critical network, schedule up to a 48 hour threshold. So really it's probably A, B, C but since only 2 choices, B, C for General Best Practice and A for Security First approach.

BD are correct. C is a good to have but given it only mentions certain categories and question specifically said zero tolerance for app downtime it will not be the best option. Application Availability: The goal of Application Availability is to ensure that changes are implemented only after an administrator has assessed any potential impact. Updates to the application signatures are not installed until manually done so. However, this task delays the process of updating signatures. But for certain environments, Application Availability is a requirement. (Taken from Palo training course on best practices for App-ID and Threat Updates.)

A doesn't help with the question B you should definitely do anyways thats a given C is best practice per palo D makes no sense So it's obviously BC

To minimize application downtime, answer is A and C. Install the content update up to 48h and create the app filter to allow always new apps of a specific category. Reviewing Apps is a good practice before installing the update not after.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBDbCAO&lang=en_US%E2%80%A9

Has to be AC, see link below from 90fa8d0.

Sorry.. its AC

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-mission-critical#id184AH00L078

Answer: B,C Create a security policy rule to always allow certain categories of new App-IDs Click Review Apps in order to assess how the changes might impact your security policy https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-mission-critical#id184AH00L078