Which TWO statements are true about Palo Alto Networks firewall management access?
Management profiles define allowed services and source IPs for management access.
Why this answer
Option A is correct because management profiles are the mechanism that controls which services (e.g., HTTPS, SSH, ping) are permitted on a given interface for management access. Without an applied management profile, no management services are allowed on that interface, even if the service is globally enabled.
Exam trap
The trap here is that candidates often assume the MGT port is the only interface that can be used for management, but Palo Alto Networks allows any interface to be configured for management access via management profiles.