Exam PCNSE topic 1 question 133 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 133
Topic #: 1

Which logs enable a firewall administrator to determine whether a session was decrypted?

  • A. Traffic
  • B. Security Policy
  • C. Decryption
  • D. Correlated Event
Suggested Answer: A 🗳️

Comments

Daniel2020
Highly Voted 3 years, 2 months ago
A is the answer and not C. Yes, in PAN-OS 10 the Decryption Log was introduced, but that is more suited for troubleshooting where decryption broke the SSL/TLS session. It is far easier to check if a session was decrypted by checking the Traffic Log. It is clear here in the PAN-OS 10 Admin guide, section "Verify Decryption", that you check the Traffic Log to verify if decryption happened. Silly enough, it also states in the very same document that you can check the decryption log (but it seems to miss out that this is only for decryption failures). https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/verify-decryption.html Here is the link for Decryption Log; you will read that it only logs unsuccessful decryption attempts. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs.html#idb1b7e4a6-b48c-4ca7-8569-b785da780dd6 Now, I am not running PAN-OS 10 in the real world so I can't say 100%, but reading off the documentation, that is how I would answer the question.
upvoted 11 times
...
CyberG
Highly Voted 3 years, 1 month ago
As of August 17th, the Palo Alto Networks Certified Network Security Engineer (PCNSE) and the Palo Alto Networks Certified Network Security Administrator (PCNSA) certification exams reflect changes based on PAN-OS 10.0. Correct Answer is C. https://live.paloaltonetworks.com/t5/certification-articles/pcnse-and-pcnsa-exam-changes-with-10-0/ta-p/344832
upvoted 8 times
GohanF2
1 year, 1 month ago
This is true. Answer is C. The new exam is evaluating version 10.0.
upvoted 1 times
duckduckgooo
1 year ago
A. You missed the key word, whether or not it was decrypted. Decryption log is used for troubleshooting if decryption was busted, NOT whether or not something was decrypted.
upvoted 1 times
...
...
...
Marshpillowz
Most Recent 2 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
javim
1 year, 2 months ago
Selected Answer: A
I think A, because it says "whether a session was decrypted". Decryption log is for traffic that is already decrypted, but in Traffic log you can see if the traffic is decrypted or not.
upvoted 2 times
...
dogeatdog
1 year, 3 months ago
Selected Answer: C
C not A on 10.2 and 11.0
upvoted 1 times
...
TAKUM1y
1 year, 5 months ago
Selected Answer: A
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/verify-decryption
upvoted 4 times
...
spydog
1 year, 6 months ago
Selected Answer: A
Although the newer versions have a dedicated log type for "Decryption", as others already pointed out, those logs can be used to troubleshoot decryption/negotiation issues. The question is asking how you can determine if a session was decrypted - the best way is still to check the details of the traffic log and see if the flag "decrypted" is checked. In addition, according to the documentation, by default only the unsuccessful decryption handshakes will be logged under "Decryption", which means if a session is successfully decrypted, no log will be shown here and you might think that the session was not decrypted.
upvoted 3 times
...
dien1991
1 year, 11 months ago
Selected Answer: A
Traffic log can show status of decryption or not first.
upvoted 3 times
...
Jared28
2 years ago
Selected Answer: A
If a security rule is logging it will always show if it was decrypted (and is the simplest thing to look at). By default, the decryption rules log only on unsuccessful SSL handshakes. If you're troubleshooting, this is the log to go look at but if all you want to do is figure out decrypted yes/no, traffic log even in 10.0+.
upvoted 1 times
...
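Added example, not part of any comment in this thread: a sketch of the check described in the comments by spydog and Jared28, reading the decrypted flag from Traffic log records and showing why a session's absence from the Decryption log does not mean it was not decrypted. The CSV layouts, session IDs, addresses and error text are constructed; the flag bit values are assumptions taken from the PAN-OS syslog field descriptions for the Traffic log `flags` field and should be confirmed for the PAN-OS version in use.

```python
import csv
import io

# Assumed Traffic log "flags" bit values (confirm against your PAN-OS version).
FLAG_DECRYPTED = 0x01000000  # SSL session is decrypted (SSL Proxy)
FLAG_NAT = 0x00400000        # session has NAT applied

# Constructed sample: simplified Traffic log export (real exports have many more columns).
TRAFFIC_CSV = """session_id,src,dst,app,flags
1001,10.1.1.5,203.0.113.10,web-browsing,0x1400000
1002,10.1.1.6,203.0.113.20,ssl,0x400000
1003,10.1.1.7,203.0.113.30,ssl,0x400000
"""

# Constructed sample: Decryption log export. With default settings only
# unsuccessful handshakes appear here, so session 1001 has no entry.
DECRYPTION_CSV = """session_id,error
1003,Unsupported cipher
"""


def classify_sessions(traffic_csv, decryption_csv):
    """Return {session_id: status}, using the Traffic log as the source of truth."""
    failures = {
        row["session_id"]: row["error"]
        for row in csv.DictReader(io.StringIO(decryption_csv))
    }
    result = {}
    for row in csv.DictReader(io.StringIO(traffic_csv)):
        sid = row["session_id"]
        flags = int(row["flags"], 16)
        if flags & FLAG_DECRYPTED:
            result[sid] = "decrypted"
        elif sid in failures:
            # The Decryption log explains why, but the yes/no came from the Traffic log.
            result[sid] = "not decrypted (handshake failure: %s)" % failures[sid]
        else:
            result[sid] = "not decrypted"
    return result


if __name__ == "__main__":
    for sid, status in classify_sessions(TRAFFIC_CSV, DECRYPTION_CSV).items():
        print(sid, status)
```

Sessions 1001 and 1002 both have no Decryption log entry, yet only the Traffic log flag distinguishes the decrypted one from the one that was never decrypted.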
GivemeMoney
2 years, 2 months ago
Selected Answer: C
There is now a decryption log: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs.html
upvoted 1 times
GivemeMoney
2 years, 2 months ago
Per reading the document, Monitor>Logs>Traffic traffic logs seem to be right after all; I change to answer A.
upvoted 1 times
...
...
Joey456
2 years, 10 months ago
A is correct: Decryption logs are dependent on traffic logs being enabled. PAN-OS 10 doc cited here: The Decryption log learns each session’s App-ID from the Traffic log, so Traffic logs must be enabled to see the App-ID in the Decryption log. If Traffic logs are disabled, the App-ID shows as incomplete.
upvoted 2 times
...
frodo1791
2 years, 11 months ago
The exam is based on PAN-OS 9.1 as far as I know, so answer should be A.
upvoted 1 times
...
bmarks
3 years, 1 month ago
Please keep in mind, the PCNSE 9 exam focuses only on PAN-OS 9.1. Answer = A. Question is simply asking which log shows whether a session was decrypted.
upvoted 2 times
...
PAUGURU
3 years, 2 months ago
Palo Alto introduces questions on the new version when it gets to the X.1. So since now it is 10.0 the exam focuses on the 9.1 version, so correct answer is A, for the time being.
upvoted 4 times
...
MS_NW
3 years, 4 months ago
Answer is A. There's no such thing as a Decryption log.
upvoted 1 times
Ali526
3 years, 3 months ago
Correct, but starting Version 10, there IS a 'decryption log'. PA should fix this question.
upvoted 2 times
...
ricky69
3 years, 3 months ago
Ans is C. The Decryption Log (Monitor > Logs > Decryption) provides comprehensive information about sessions that match a Decryption policy to help you gain context about that traffic so you can accurately and easily diagnose and resolve decryption issues. The firewall does not log traffic if the traffic does not match a Decryption policy.
upvoted 2 times
...
...
brah_brah
3 years, 5 months ago
v10 answer is C https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs.html
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other