Explanation
As long as the action is set to allow, then it will still allow it. Threats that have the ability to become critical but have mitigating factors; for example, they may be difficult to exploit, do not result in elevated privileges, or do not have a large victim pool. WildFire Submissions log entries with a malicious verdict and an action set to allow are logged as High.https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/view-and-manage-logs/log-types-

Explanation
The Best Practice Assessment (BPA) tool compares the configuration of firewalls and Panorama to the Palo Alto Networks best practice recommendations. Run the BPA periodically to identify security weaknesses, see the best practice settings, and implement them to improve your security posture.https://docs.paloaltonetworks.com/best-practices/10-2/bpa-getting-started

Explanation
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/authentication/configure-multi-factor-authenticatio

Explanation
This combination of service and application, and order of Security policy rules, allows clear-text web-browsing traffic to the server on tcp/443. The first rule matches the web-browsing application on the service-https service, which is a predefined service object that includes tcp/443 as the default port. The second rule matches the ssl application on the application-default service, which is a dynamic service object that includes the default ports for each application. This rule is needed to allow the decrypted ssl traffic to pass through the firewall after the Forward Proxy rule. The order of the rules is important because the firewall evaluates the rules from top to bottom and applies the first matching rule.
https://live.paloaltonetworks.com/t5/general-topics/web-browsing-default-port-application/td-p/228859

Explanation
The QoS profile assigns different classes and guaranteed bandwidth percentages to different applications. The QoS policy rules apply the QoS profile to the traffic based on the source and destination zones. The priority of a class is determined by its number, with lower numbers having higher priority. The bandwidth of a class is determined by its guaranteed percentage, with higher percentages having more bandwidth. Based on this information, DNS belongs to class 1 which has the highest priority (1) and the most bandwidth (40%). SSH belongs to class 4 which has the lowest priority (4) and the least bandwidth (5%). Therefore, DNS has a higher priority and more bandwidth than SSH. Similarly, Google-video belongs to class 2 which has the second highest priority (2) and the second most bandwidth (30%). WebEx belongs to class 3 which has the third highest priority (3) and the third most bandwidth (25%). Therefore, Google-video has a higher priority and more bandwidth than WebEx. References:
:https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/quality-of-service/qos-concepts/qos-profiles