A root cause analysis investigation into a recent security incident reveals that several decryption rules have been disabled. The security team wants to generate email alerts when decryption rules are changed.

How should email log forwarding be configured to achieve this goal?

An engineer has been given approval to upgrade their environment to the latest of PAN-OS.

The environment consists of both physical and virtual firewalls, a virtual Panorama HA pair, and virtual log collectors.

What is the recommended order of operational steps when upgrading?

An administrator has a Palo Alto Networks NGFW. All security subscriptions and decryption are enabled and the system is running close to its resource limits.

Knowing that using decryption can be resource-intensive, how can the administrator reduce the load on the firewall?

A firewall engineer has determined that, in an application developed by the company’s internal team, sessions often remain idle for hours before the client and server exchange any data. The application is also currently identified as unknown-tcp by the firewalls. It is determined that because of a high level of trust, the application does not require to be scanned for threats, but it needs to be properly identified in Traffic logs for reporting purposes.

Which solution will take the least time to implement and will ensure the App-ID engine is used to identify the application?

• A. Create a custom application with specific timeouts and signatures based on patterns discovered in packet captures.

• B. Access the Palo Alto Networks website and complete the online form to request that a new application be added to App-ID.

• C. Create a custom application with specific timeouts, then create an application override rule and reference the custom application.

• D. Access the Palo Alto Networks website and raise a support request through the Customer Support Portal.

What happens when the log forwarding built-in action with tagging is used?

A firewall engineer creates a source NAT rule to allow the company’s internal private network 10.0.0.0/23 to access the internet. However, for security reasons, one server in that subnet (10.0.0.10/32) should not be allowed to access the internet, and therefore should not be translated with the NAT rule.

What are three prerequisites to enable Credential Phishing Prevention over SSL? (Choose three.)