What is used to stop a DNS-based threat?
A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications. The customer is interested in Palo Alto Networks NGFWs but describes the following challenges:
"Our apps are in AWS and Azure, with whom we have contracts and minimum-revenue guarantees. We would use the built-in firewall on the cloud service providers (CSPs), but the need for centralized policy management to reduce human error is more important."
Which recommendations should the SE make?
When a customer needs to understand how Palo Alto Networks NGFWs lower the risk of exploitation by newly announced vulnerabilities known to be actively attacked, which solution and functionality delivers the most value?
Regarding APIs, a customer RFP states: "The vendor’s firewall solution must provide an API with an enforcement mechanism to deactivate API keys after two hours." How should the response address this clause?