Which two profiles should be configured when sharing tags from threat logs with a remote User-ID agent? (Choose two.)
Which two profiles should be configured when sharing tags from threat logs with a remote User-ID agent? (Choose two.)
To share tags from threat logs with a remote User-ID agent, you need to configure an HTTP server profile and a log forwarding profile. The HTTP server profile is used to forward logs to the remote User-ID agent, while the log forwarding profile defines how the logs should be handled by the firewall or Panorama before being sent. Consequently, the correct profiles to configure are HTTP and Log Forwarding.
C & D based on: >Threat logs, create a log forwarding profile to define how you want the firewall or Panorama to handle logs. >Configure an HTTP server profile to forward logs to a remote User-ID agent. > Select the log forwarding profile you created then select this server profile as the HTTP server profile https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions
This question was on the exam.. Nov 2023
BD is correct
I think this is C,D. HTTP Server Profile and Log Forwarding Profile https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions
C and D correct
C definitely from https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions . For Authentication, Data, Threat, Traffic, Tunnel Inspection, URL, and WildFire logs, create a log forwarding profile. For User-ID, GlobalProtect, and IP-Tag logs, configure the log settings. Has to be D.
CD is correct, refer to https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions
I agree Mercysayno.