Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Palo-Alto-Networks Discussions

Exam PCNSE topic 1 question 216 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 216
Topic #: 1
[All PCNSE Questions]

A customer is replacing its legacy remote-access VPN solution. Prisma Access has been selected as the replacement. During onboarding, the following options and licenses were selected and enabled:
- Prisma Access for Remote Networks: 300Mbps
- Prisma Access for Mobile Users: 1500 Users
- Cortex Data Lake: 2TB
- Trusted Zones: trust
- Untrusted Zones: untrust
- Parent Device Group: shared
The customer wants to forward to a Splunk SIEM the logs that are generated by users that are connected to Prisma Access for Mobile Users. Which two settings must the customer configure? (Choose two.)

  • A. Configure Panorama Collector group device log forwarding to send logs to the Splunk syslog server.
  • B. Configure Cortex Data Lake log forwarding and add the Splunk syslog server.
  • C. Configure a log forwarding profile and select the Panorama/Cortex Data Lake checkbox. Apply the Log Forwarding profile to all of the security policy rules in Mobile_User_Device_Group.
  • D. Configure a Log Forwarding profile, select the syslog checkbox, and add the Splunk syslog server. Apply the Log Forwarding profile to all of the security policy rules in the Mobile_User_Device_Group.
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
Reference:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-from- logging-service-to-syslog-server.html
by Marcyy at Dec. 11, 2021, 9:29 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
DavidBackham2020
Highly Voted 2 years, 6 months ago
It's B&C. D would be correct for On-Prem firewalls, but you cannot directly forward Syslog from Prisma Access. You need to forward your logs to Cortex DL (C). From there, you can forward your logs to your SIEM (B) https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-from-logging-service-to-syslog-server.html
upvoted 8 times
...
p48m1
Highly Voted 1 year, 3 months ago
How is this related to the PCNSE? Isn't Cortex and Prisma part of the other dedicated certs?
upvoted 6 times
...
DatITGuyTho1337
Most Recent 6 months, 1 week ago
We learning for PCNSE or Prisma Access?!
upvoted 1 times
...
mopui5154
1 year, 11 months ago
Hi, there is another version of This question : What must be configured on Prisma Access to provide connectivity to the resources in the datacenter? A-Configure a mobile user gateway in the region closest to the datacenter to enable connectivity to the datacenter B-Configure a remote network to provide connectivity to the datacenter C-Configure Dynamic Routing to provide connectivity to the datacenter D-Configure a service connection to provide connectivity to the datacenter
upvoted 4 times
secdaddy
1 year, 9 months ago
This has been added as question 296 in this dump
upvoted 1 times
...
secdaddy
1 year, 9 months ago
Actually you're right - this question is still missing from examtopics (it is question 438 in the passleader dump)
upvoted 1 times
...
...
UFanat
2 years ago
Selected Answer: BC
Prisma Access can send logs only to Cortex Data Lake (CDL), so you need to select Panorama/CDL checkbox in log forwarding profile. Then you should configure CDL to forward logs to Splunk.
upvoted 2 times
...
AbuHussain
2 years, 3 months ago
Selected Answer: BC
It's B&C
upvoted 2 times
...
Mp84047
2 years, 3 months ago
It's definitely B & C. Its all from Prima so D makes no sense and David is right about not being able to forward directly
upvoted 1 times
...
Micutzu
2 years, 6 months ago
I believe BD are correct. Prisma Access forward all the logs to Cortex Data Lake by default.
upvoted 2 times
...
Marcyy
2 years, 6 months ago
Maybe its BC.. Not sure.
upvoted 1 times
...
Marcyy
2 years, 6 months ago
I think it's BD. https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-from-logging-service-to-syslog-server.html#id186BM029099
upvoted 2 times
Plato22
2 years, 6 months ago
Agree, should be B and D. You have to pick your syslog server.
upvoted 2 times
...
confusion
1 year, 12 months ago
Nope, the link you've provided is for forwarding logs from Cortex DL to Syslog server, the question is asking to forward logs from Prisma to SIEM syslog, so that shall not be applicable to the question. I think it's BC.
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in

Claim Offer Now
286 people claimed it in the last 6 hours