Instead of disabling App-IDs regularly, a security policy rule is going to be configured to temporarily allow new App-IDs. In which two circumstances is it valid to disable App-IDs as part of content update-?
(Choose two)
A.
when planning to enable the App-IDs immediately
B.
when you want to immediately benefit from the latest threat prevention
C.
when disabling facebook-base to disable all other Facebook App-IDs
D.
when an organization operates a mission-critical network and has zero tolerance for downtime
Disabling App-IDs as part of a content update can be valid in the following circumstances:
B.When you want to immediately benefit from the latest threat prevention: Disabling certain App-IDs can help ensure that the latest threat prevention measures are applied without waiting for the App-IDs to be fully tested in a specific environment. This can be crucial in quickly addressing emerging threats.
D.When an organization operates a mission-critical network and has zero tolerance for downtime: In such environments, administrators might temporarily disable new or modified App-IDs to avoid potential disruptions caused by unverified or untested App-IDs. This ensures that the network remains stable and functional while the new App-IDs are evaluated in a controlled manner.
References:
Palo Alto Networks - Best Practices for Application and Threat Content Updates: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/manage-app-id/application-and-threat-content-updates
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit