What are two best practices for incorporating new and modified App-IDs? (Choose two.)

1. A. Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs
2. B. Configure a security policy rule to allow new App-IDs that might have network-wide impact
3. C. Perform a Best Practice Assessment to evaluate the impact of the new or modified App-IDs
4. D. Study the release notes and install new App-IDs if they are determined to have low impact

Correct Answer: BD
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content

An engineer is bootstrapping a VM-Series Firewall Other than the 'config folder, which three directories are mandatory as part of the bootstrap package directory structure? (Choose three.)

1. A. /software
2. B. /opt
3. C. /license
4. D. /content
5. E. /plugins

Correct Answer: AD

An engineer has been tasked with reviewing traffic logs to find applications the firewall is unable to identify with App-ID. Why would the application field display as incomplete?

1. A. The client sent a TCP segment with the PUSH flag set.
2. B. The TCP connection was terminated without identifying any application data.
3. C. There is insufficient application data after the TCP connection was established.
4. D. The TCP connection did not fully establish.

Correct Answer: C

An engineer is designing a deployment of multi-vsys firewalls.
What must be taken into consideration when designing the device group structure?

1. A. Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall must have all its vsys in a single device group.
2. B. Only one vsys or one firewall can be assigned to a device group, except for a multi-vsys firewall, which must have all its vsys in a single device group.
3. C. Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.
4. D. Only one vsys or one firewall can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.

Correct Answer: A

Which Panorama feature protects logs against data loss if a Panorama server fails?

1. A. Panorama HA automatically ensures that no logs are lost if a server fails inside the HA Cluster.
2. B. Panorama Collector Group with Log Redundancy ensures that no logs are lost if a server fails inside the Collector Group.
3. C. Panorama HA with Log Redundancy ensures that no logs are lost if a server fails inside the HA Cluster.
4. D. Panorama Collector Group automatically ensures that no logs are lost if a server fails inside the Collector Group

Correct Answer: A