ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam NGFW-Engineer All Questions

View all questions & answers for the NGFW-Engineer exam
Go to Exam

Exam NGFW-Engineer topic 1 question 9 discussion

Actual exam question from Palo Alto Networks's NGFW-Engineer
Question #: 9
Topic #: 1
[All NGFW-Engineer Questions]

An NGFW engineer is configuring multiple Panorama-managed firewalls to start sending all logs to Strata Logging Service. The Strata Logging Service instance has been provisioned, the required device certificates have been installed, and Panorama and the firewalls have been successfully onboarded to Strata Logging Service.
Which configuration task must be performed to start sending the logs to Strata Logging Service and continue forwarding them to the Panorama log collectors as well?

  • A. Modify all active Log Forwarding profiles to select the “Cloud Logging” option in each profile match list in the appropriate device groups.
  • B. Enable the “Panorama/Cloud Logging” option in the Logging and Reporting Settings section under Device --> Setup --> Management in the appropriate templates.
  • C. Select the “Enable Duplicate Logging” option in the Cloud Logging section under Device --> Setup --> Management in the appropriate templates.
  • D. Select the “Enable Cloud Logging” option in the Cloud Logging section under Device --> Setup --> Management in the appropriate templates.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by ThelioNN at May 12, 2025, 10:42 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mirko1976
3 weeks, 5 days ago
Selected Answer: C
When configuring Panorama-managed firewalls to send logs to both the Strata Logging Service (formerly Cortex Data Lake) and Panorama log collectors, you need to enable duplicate logging. This ensures that logs are sent to both destinations simultaneously. Strata Logging Service becomes the primary log storage once onboarded. However, if you still want logs to be available on Panorama log collectors, you must explicitly enable duplicate logging.
upvoted 1 times
...
Kick86
4 weeks, 1 day ago
Selected Answer: A
Add the log forwarding profile match list for each log type - click Add > Log Forwarding profile Match List and select the log type you want to forward. Select Panorama/Cloud Logging as the Forward Method to enable the firewalls in the device group to send logs so you can monitor the logs and generate reports from Panorama.
upvoted 1 times
...
0d6e481
1 month ago
Selected Answer: C
For firewalls running PAN-OS 8.1 or later releases, you can opt to send logs to both the Strata Logging Service and to your Panorama and on premise log collection setup when you select Enable Duplicate Logging (Cloud and On-Premise). When enabled, the firewalls that belong to the selected Template will save a copy of the logs to both locations. You may select either Enable Duplicate Logging (Cloud and On-Premise) or Enable Strata Logging Service, but not both. https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/manage-log-collection/forward-logs-to-strata-logging-service
upvoted 1 times
...
ThelioNN
1 month ago
Selected Answer: C
C as they want to continue sending also to Panorama
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel