ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 216 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 216
Topic #: 1
[All PCNSE Questions]

A customer is replacing its legacy remote-access VPN solution. Prisma Access has been selected as the replacement. During onboarding, the following options and licenses were selected and enabled:
- Prisma Access for Remote Networks: 300Mbps
- Prisma Access for Mobile Users: 1500 Users
- Cortex Data Lake: 2TB
- Trusted Zones: trust
- Untrusted Zones: untrust
- Parent Device Group: shared
The customer wants to forward to a Splunk SIEM the logs that are generated by users that are connected to Prisma Access for Mobile Users. Which two settings must the customer configure? (Choose two.)

  • A. Configure Panorama Collector group device log forwarding to send logs to the Splunk syslog server.
  • B. Configure Cortex Data Lake log forwarding and add the Splunk syslog server.
  • C. Configure a log forwarding profile and select the Panorama/Cortex Data Lake checkbox. Apply the Log Forwarding profile to all of the security policy rules in Mobile_User_Device_Group.
  • D. Configure a Log Forwarding profile, select the syslog checkbox, and add the Splunk syslog server. Apply the Log Forwarding profile to all of the security policy rules in the Mobile_User_Device_Group.
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
by Marcyy at Dec. 11, 2021, 9:29 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DavidBackham2020
Highly Voted 2 years, 7 months ago
It's B&C. D would be correct for On-Prem firewalls, but you cannot directly forward Syslog from Prisma Access. You need to forward your logs to Cortex DL (C). From there, you can forward your logs to your SIEM (B) https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-from-logging-service-to-syslog-server.html
upvoted 8 times
...
p48m1
Highly Voted 1 year, 4 months ago
How is this related to the PCNSE? Isn't Cortex and Prisma part of the other dedicated certs?
upvoted 7 times
...
DatITGuyTho1337
Most Recent 7 months, 2 weeks ago
We learning for PCNSE or Prisma Access?!
upvoted 3 times
...
mopui5154
2 years ago
Hi, there is another version of This question : What must be configured on Prisma Access to provide connectivity to the resources in the datacenter? A-Configure a mobile user gateway in the region closest to the datacenter to enable connectivity to the datacenter B-Configure a remote network to provide connectivity to the datacenter C-Configure Dynamic Routing to provide connectivity to the datacenter D-Configure a service connection to provide connectivity to the datacenter
upvoted 4 times
secdaddy
1 year, 10 months ago
Actually you're right - this question is still missing from examtopics (it is question 438 in the passleader dump)
upvoted 1 times
...
secdaddy
1 year, 10 months ago
This has been added as question 296 in this dump
upvoted 1 times
...
...
UFanat
2 years, 1 month ago
Selected Answer: BC
Prisma Access can send logs only to Cortex Data Lake (CDL), so you need to select Panorama/CDL checkbox in log forwarding profile. Then you should configure CDL to forward logs to Splunk.
upvoted 2 times
...
AbuHussain
2 years, 4 months ago
Selected Answer: BC
It's B&C
upvoted 2 times
...
Mp84047
2 years, 4 months ago
It's definitely B & C. Its all from Prima so D makes no sense and David is right about not being able to forward directly
upvoted 1 times
...
Micutzu
2 years, 8 months ago
I believe BD are correct. Prisma Access forward all the logs to Cortex Data Lake by default.
upvoted 2 times
...
Marcyy
2 years, 8 months ago
Maybe its BC.. Not sure.
upvoted 1 times
...
Marcyy
2 years, 8 months ago
I think it's BD. https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-from-logging-service-to-syslog-server.html#id186BM029099
upvoted 2 times
confusion
2 years, 1 month ago
Nope, the link you've provided is for forwarding logs from Cortex DL to Syslog server, the question is asking to forward logs from Prisma to SIEM syslog, so that shall not be applicable to the question. I think it's BC.
upvoted 1 times
...
Plato22
2 years, 8 months ago
Agree, should be B and D. You have to pick your syslog server.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago