Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Exam PCNSE topic 1 question 8 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 8
Topic #: 1
[All PCNSE Questions]

Refer to the exhibit.

An administrator cannot see any if the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side.
Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?
A.

B.

C.

D.

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Cooldude89
Highly Voted 2 years, 4 months ago
In option A , panorama IP is incorrect
upvoted 13 times
...
Mp84047
Most Recent 2 months, 1 week ago
The key here is that it says ONLY TRAFFIC LOGS, so B is the only answer that works for only traffic log issues Which settings, if configured incorrectly, most likely would stop only Traffic logs from being sent from the NGFW to Panorama
upvoted 1 times
...
MarkyMarc
1 year, 2 months ago
For sure its B
upvoted 1 times
...
PAUGURU
1 year, 4 months ago
Question has changed, what I got in my exam was only the screenshots, without the initial network topology and the question was asking "what are the most probable configuration errror if only logs do not arrive on Panorama". So option B now is clearly the right answer.
upvoted 4 times
Pag0s
1 year, 3 months ago
the question is still confusing because PAN says that even if log forwarding is not enabled , less detailed logs still reach panorama
upvoted 1 times
...
...
renegade_xt
1 year, 4 months ago
in the question, it specifically states can not see logs. Which implies that Panorama is still able to manage devices, just doesn’t get logs. if Panorama is able to manage, IP address is correct, and image IP can be ignored. Which would move the answer to B P.S. PA tests writers dont usually trick you such with incorrect IP, its not Cisco ;) Just my 2 cents on the matter
upvoted 2 times
...
PacketFairy
1 year, 6 months ago
A - The Panorama address is wrong. Nothing will get to Panorama. The syslog screen shot is not relavent because they say no traffic logs on Panorama. And the screen shot showing no "Log Forwarding" profile is for a single Sec Policy. Every policy needs log forwarding to show up in Panorama. Only valid if a firewall has only 1 rule. And the last screen shot seems like some random Panorama config screen.
upvoted 3 times
...
lol1000
1 year, 6 months ago
Answer: A First of all you need to connect the Firewall to Panorama. Once that is done you configure your templates and device groups via Panorama and push that to the firewall. That includes policy and log forwarding. If you had misconfiguration on the firewall regarding logs that would be mitigated via Panorama push. https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/manage-log-collection/configure-log-forwarding-to-panorama.html
upvoted 1 times
...
nk12
1 year, 9 months ago
Correct Answer: B
upvoted 1 times
...
Moomyao
1 year, 11 months ago
A is the correct the up of panorama is wrong
upvoted 1 times
pamplemousse
1 year, 9 months ago
if you are not forwarding the logs, it does not matter is Panorama is not well configured, so B is more accurate answer.
upvoted 3 times
...
...
bnilam2
1 year, 11 months ago
B is the answer
upvoted 1 times
...
mmmasa
1 year, 11 months ago
agree with the rest, B as no log forwarding not configured. D's configuration reside in Panorama. The question specifically said the config issue is on FW side.
upvoted 1 times
...
Ab121213
2 years ago
Log forwarding is not enabled. B is the correct answer.
upvoted 4 times
...
rammsdoct
2 years ago
I guess that right answer is B if you have bad Panorama IP will not interfere with log-collection, if log collector ip is bad will no send logs to the collector, but if rule has been set to no log null.. no log will be generated so B is the right answer
upvoted 1 times
...
_taintsmasher
2 years, 1 month ago
Pretty sure its B, no log forwarding set. The IPs are wrong for both syslog and panorama, guessing that was oversight in the question writer.
upvoted 2 times
...
Mello
2 years, 6 months ago
The Answer is B, Log forwarding is set to null with no log wording profile set. No logs will be forwarded
upvoted 2 times
...
tester12
2 years, 7 months ago
Seems like the answer is B
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...