A
Always from the traffic log. Whether it is drilling down into traffic log details or enabling the decryption column.
Acquaint yourself with this reference:
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/verify-decryption.html
The question is about "log file" and SSL decrypt failures. ACC isn't a log file.
SSL decrypt failures you can see in the Decryption log and in the Traffic log (Session End Reason column).
B is correct according to the documentation.
The most common reasons for decryption failures are TLS protocol errors, cipher version errors (client and server version mismatches and client and Decryption profile version mismatches), and certificate errors. To investigate decryption errors, start with the Application Command Center (ACC) to identify failures and then go to the Decryption logs to drill down into details.
Option is Traffic and NOT "Decryption logs"
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-troubleshooting-workflow-examples/investigate-decryption-failure-reasons
B: Is the correct answer.
ACC>SSL Activity>Decryption failure reasons
Gives you the information about the failure.
In the Traffic log you can verify if the traffic is encrypted or not.
There are no details about the failure.
I am going to go with B
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-troubleshooting-workflow-examples/investigate-decryption-failure-reasons
What people are selecting is for validating if decryption was used, but not for specific failures.
From this article: "To investigate decryption errors, start with the Application Command Center (ACC) to identify failures and then go to the Decryption logs to drill down into details."
So, the real answer might be the Decryption logs, which, of course, is not an option. LOL.
View Decrypted Traffic Sessions—Filter the Traffic Logs (Monitor > Logs > Traffic) using the filter ( flags has proxy )
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/verify-decryption#id185BG0KL0W1
Another tricky question, very common with PANW tests.
While I agree with "A", if you go to "Monitor > Decryption" you will see an "Error" and "Error Index" column (if you don't see it, you can enable it).
The Traffic log will only tell you if a session was decrypted or not, but non-decrypted traffic doesn't always mean a failure; it could often mean there's a decryption policy with action "no decrypt" or an SSL decryption exclusion or an error.
Something to think about...
I think that correct answer is B
PANOS Guide. Investigate Decryption Failure Reasons
Begin your investigation at ACC>SSL Activity and look at the Decryption Failure Reasons widget
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-troubleshooting-workflow-examples/investigate-decryption-failure-reasons.html#id1eee110d-3799-45ef-a4b0-e5e7fbd157af
IMHO: A - traffic log
Specifically, check session end reason where decrypted=yes and action=allowed. You'll see errors such as
decrypt-error
decrypt-cert-validation
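The session-end-reason check described in the comment above, combined with the caveat raised earlier in the thread that a non-decrypted session is not necessarily a failure, as an added example that is not part of any comment in this thread. The CSV column names and sample rows are constructed assumptions, and matching on the `decrypt-` prefix generalizes from the two values quoted above.

```python
import csv
import io
from collections import Counter

# Constructed sample rows. Column names are assumptions for this example,
# not the firewall's export schema; map them to your own export's headers.
SAMPLE_CSV = """\
session_id,app,action,decrypted,session_end_reason
1001,ssl,allow,yes,decrypt-error
1002,web-browsing,allow,yes,tcp-fin
1003,ssl,allow,no,tcp-fin
1004,ssl,allow,yes,decrypt-cert-validation
1005,ssl,allow,no,aged-out
1006,ssl,allow,yes,decrypt-error
"""


def classify(row):
    """Return 'failure', 'decrypted' or 'not-decrypted' for one log row."""
    reason = row["session_end_reason"].strip().lower()
    # Assumption: decryption failures carry a "decrypt-" end reason,
    # as in the two values quoted in the thread.
    if reason.startswith("decrypt-"):
        return "failure"
    if row["decrypted"].strip().lower() == "yes":
        return "decrypted"
    # Not decrypted and no decrypt-* reason: the row alone does not say
    # whether a no-decrypt rule, an exclusion or something else applied.
    return "not-decrypted"


def triage(csv_text):
    """Count rows per class and tally the failure reasons."""
    classes, reasons = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = classify(row)
        classes[kind] += 1
        if kind == "failure":
            reasons[row["session_end_reason"].strip().lower()] += 1
    return classes, reasons


if __name__ == "__main__":
    classes, reasons = triage(SAMPLE_CSV)
    print(dict(classes))
    for reason, count in reasons.most_common():
        print(f"{count:3d}  {reason}")
```

The `not-decrypted` bucket is deliberately left unexplained: a traffic-log row shows that decryption did not happen, and the reason has to come from the Decryption log or the policy configuration.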
The following tools provide full visibility into the TLS handshake and help you troubleshoot and monitor your decryption deployment:
ACC - SSL Activity
Monitor - Logs - Decryption
So as there is no Decryption listed as answer, ACC fits.
Correct answer is: A
PCNSE is based on PANOS10
https://live.paloaltonetworks.com/t5/certification-articles/pcnse-and-pcnsa-exam-changes-with-10-0/ta-p/344832
Could be B:
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-release-notes/pan-os-10-0-release-information/features-introduced-in-pan-os-10-0/decryption-features.html#ida1eb9d8c-515e-4e88-b217-1ebc025a45d4
"Use the new ACC features to identify traffic for which decryption causes problems and then use the new Decryption logs to drill down into details and solve the problem."
B - as from PAN-OS 10, troubleshooting SSL is done in the following process:
1. Check ACC decryption widgets to identify traffic that causes decryption issues
2. Drill down further using the Decryption Log.
It is not A because that simply tells you if the traffic was or was not decrypted. It does not in any way provide you with a means for troubleshooting. The question is asking you to troubleshoot.
Read "Troubleshoot and Monitor Decryption" for PAN-OS 10. It clearly lists your troubleshooting process for SSL decryption issues
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption.html
The Question is simply asking which 'log file' lists/identifies decrypt failures, not how and where do I troubleshoot them... The Application Command Center (ACC) is an analytical tool, not a log file. The only answer that makes sense is A Traffic log.