Exam PCNSE topic 1 question 308 discussion

A and C are both valid answers, however, Configuration log shows any configuration change to the candidate, even not commited. I tested that with my lab While config audit shows every change by Commit, with discrepancies between the 2 versions. As the question here is to track back a COMMITTED change, only C applies

Context-switching to the firewall ensures the administrator is reviewing the exact device impacted by the policy change.

Context-switching to the firewall ensures the administrator is reviewing the exact device impacted by the policy change. C is correct

A 100% verified

If it were several config changes, i would go for C but in this case it´s "policy change", meaning only 1 config change. Its' easier to check it on configuration logs

C : beacause preview change is available when you want to perform a commit and push. ( pre-view of your config )audit log can bring you the exact details of all detailed push and configuration performed by any others authorized users.

B is most appropriate as it provides evaluation of rules within the rule base. Since, the configuration has been pushed to the firewalls, the test policy function can be used. Preview changes or switching to firewall context and using config audit tool just compare the configurations.

Config Audit. Option C

Going with option C

C for sure! From Panorama you need to switch to the firewall you want, and then you can use the config audit tool to check the current config with the previous one.

change that was committed and pushed to a firewall device group - this means change was pushed from panorama, you will not find the panorama change in config audit if you are connected to the firewall, so C will not work

The config changes under the Monitor tab, only show you if the state of the commit, it doesn't show you the config change The audit tool shows you what has changed in the configuration as you can select 2 dates of the configuration and then compare, what has changed. Just checked now in Panorama. D its only relevant if the commit was not performed and B its out of the question I believe that the most appropriate answer is C here, as you can compare an old configuration with the most recent one to check what is different.

A : There is option for before and after change .

A is 100 % right

A (given how the question is worded). Misleading one IMO, admin needs to "evaluate recent policy change", then question asks for "identify the config change". evaluate = "Test policy match", nothing else would provide you better way to evaluate, so B mostly fits on this requirement identify = "Configuration log", as there you get an entry of every (recent and not only) change, so A mostly fits on this requirement finally to see exactly what the change in the config was, you can do the "configuration audit tool", so C would mostly fits here if they were asking for

I would go with A. The config audit tool shows the diff between the running config and the candidate config (saved config not yet committed). The question says that the config has already been committed, which means the running config and candidate config will be the same. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEaCAK

Configuration log Displays an entry for each configuration change. Each entry includes the date and time, the administrator username, the IP address from where the change was made, the type of client (web interface or CLI), the type of command executed, whether the command succeeded or failed, the configuration path, and the values before and after the change. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/monitor/monitor-logs/log-types