Discovering Applications on the Network (Answer A):
Policy Optimizer analyzes traffic logs to identify applications running on the network that are
currently being allowed by port-based or overly permissive policies.
It provides visibility into these applications, enabling administrators to transition to more secure,
application-based policies over time.
Converting Broad Rules into Narrow Rules (Answer B):
Policy Optimizer helps refine policies by converting broad application filters (e.g., rules that allow all
web applications) into narrower rules based on specific application groups.
This reduces the risk of overly permissive access while maintaining granular control.
Migrating from Port-Based Rules to Application-Based Rules (Answer C):
One of the primary use cases for Policy Optimizer is enabling organizations to migrate from legacy
port-based rules to application-based rules, which are more secure and aligned with Zero Trust
principles.
Policy Optimizer identifies traffic patterns and automatically recommends the necessary
application-based policies.
Why Not D:
5-tuple attributes (source IP, destination IP, source port, destination port, protocol) are used in
traditional firewalls. Simplifying these attributes to 4-tuple (e.g., removing the protocol) is not a use
case for Policy Optimizer, as Palo Alto Networks NGFWs focus on application-based policies, not just
5-tuple matching.
Why Not E:
Automating tagging of rules based on historical log data is not a specific feature of Policy Optimizer.
While Policy Optimizer analyzes log data to recommend policy changes, tagging is not its primary use
case.
Reference from Palo Alto Networks Documentation:
Policy Optimizer Overview
Transitioning to Application-Based Policies