A is the answer and not C.
Yes, in PAN-OS 10 the Decryption Log was introduced, but that is more suited for troubleshooting where decryption broke the SSL/TLS session. It is far easier to check if a session was decrypted by checking the Traffic Log.
It is clear here in the PAN-OS 10 Admin guide, section "Verify Decryption", that you check the Traffic Log to verify if decryption happened. Silly enough, it also states in the very same document that you can check the decryption log (but it seems to miss out that this is only for decryption failures).
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/verify-decryption.html
Here is the link for Decryption Log, you will read that it only logs unsuccessful decryption attempts.
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs.html#idb1b7e4a6-b48c-4ca7-8569-b785da780dd6
Now I am not running PAN-OS 10 in the real world so I can't say 100% but reading off the documentation, that is how I would answer the question.
As of August 17th, the Palo Alto Networks Certified Network Security Engineer (PCNSE) and the Palo Alto Networks Certified Network Security Administrator (PCNSA) certification exams reflect changes based on PAN-OS 10.0. Correct answer is C.
https://live.paloaltonetworks.com/t5/certification-articles/pcnse-and-pcnsa-exam-changes-with-10-0/ta-p/344832
A
You missed the key word, whether or not it was decrypted. Decryption log is used for troubleshooting if decryption was busted, NOT whether or not something was decrypted.
I think A, because it says "whether a session was decrypted". Decryption log is for traffic that is already decrypted, but in Traffic log you can see if the traffic is decrypted or not.
Although the newer versions have a dedicated log type for "Decryption", as others already pointed out, those logs can be used to troubleshoot decryption/negotiation issues. The question is asking how you can determine if a session was decrypted - the best way is still to check the details of the traffic log and see if the flag "decrypted" is checked.
In addition, according to the documentation, by default only the unsuccessful decryption handshakes will be logged under "Decryption", which means if a session is successfully decrypted, no log will be shown here and you might think that session was not decrypted.
If a security rule is logging it will always show if it was decrypted (and is the simplest thing to look at). By default, the decryption rules log only on unsuccessful SSL handshakes. If you're troubleshooting, this is the log to go look at but if all you want to do is figure out decrypted yes/no, traffic log even in 10.0+.
There is now a decryption log: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs.html
A is correct: Decryption logs are dependent on traffic logs being enabled.
PAN-OS 10 doc cited here:
The Decryption log learns each session’s App-ID from the Traffic log, so Traffic logs must be enabled to see the App-ID in the Decryption log. If Traffic logs are disabled, the App-ID shows as incomplete.
Palo Alto introduces questions on the new version when it gets to the X.1.
So since now it is 10.0 the exam focuses on the 9.1 version, so correct answer is A, for the time being.
Ans is C
The Decryption Log (Monitor > Logs > Decryption) provides comprehensive information about sessions that match a Decryption policy to help you gain context about that traffic so you can accurately and easily diagnose and resolve decryption issues. The firewall does not log traffic if the traffic does not match a Decryption policy.
v10 answer is C
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs.html