An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?
PCNSE 9 is current exam content [02/2021] *** ANSWER = A ***
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClboCAC
The Question is simply asking how to verify if traffic was being decrypted. There are (2) ways to see this in the traffic logs:
1. To confirm that the traffic is decrypted inside the WebGUI > Monitor > Logs > Traffic. Click the magnifying glass icon in the traffic log entries to confirm that the connections were decrypted.
2. Another way to validate the decrypted session is by enabling the column "Decrypted" as below Traffic logs. This can be done by clicking on the arrow down next to any column title and selecting the Columns > Decrypted. This shows decrypted status in regular traffic log view.
As of August 17th, 2020, the Palo Alto Networks Certified Network Security Engineer (PCNSE) and the Palo Alto Networks Certified Network Security Administrator (PCNSA) certification exams reflect changes based on PAN-OS 10.0.
Well, certainly you want to check if your SSL traffic is being decrypted, so you would look at the traffic logs and apply the "Is decrypted" column. You usually check on Decryption logs when you know that decryption could be causing an issue (so besides the flag is Decrypted marks yes or no, you would see a session end reason: "decrypt-error" in the same traffic log).
Based on daily workload I'd go with A.
When SSL decryption is configured and SSL sessions are being decrypted, the Decryption log is where the administrator can verify the details of the decrypted sessions. This log provides information about the SSL decryption process, including whether the decryption was successful, if there were any issues, and the details of the decrypted traffic.
In PAN-OS 11, the decryption log can be filtered using a source address to see all decrypted sessions. “A” is also true but B is a better answer. This is a bad question.
Hello guys, here I am willing to help.
I chose A because you can see if the traffic was decrypted with the column: is decrypted. You would normally use the decryption log for troubleshooting purposes, but it's not this question (although you can see if certain traffic is being decrypted by a decryption rule in the decryption log).
Another stupid question with 2 answers. Both A and B are correct.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/verify-decryption
After you configure a best practice decryption profile and apply it to traffic, you can check both the Decryption logs (introduced in PAN-OS 10.0) and the Traffic logs to verify that the firewall is decrypting the traffic.
I would lean towards option A as the question asks about how one can go about verifying if sessions are being decrypted. In the details of a traffic log entry, you can check if the decrypt flag is marked or not. The decrypted log file introduced in PAN-OS 10, on the other hand, provides comprehensive information about individual sessions that are decrypted, the sessions that are marked for "no decrypt" in the decryption policy, or any GlobalProtect sessions when you enable decryption logging in the GlobalProtect portal or gateway configuration.
Very clear answer on PA website
After you configure a best practice decryption profile and apply it to traffic, you can check both the Decryption logs
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/verify-decryption