Exam PCNSE
Question 216

A customer is replacing its legacy remote-access VPN solution. Prisma Access has been selected as the replacement. During onboarding, the following options and licenses were selected and enabled:

- Prisma Access for Remote Networks: 300Mbps

- Prisma Access for Mobile Users: 1500 Users

- Cortex Data Lake: 2TB

- Trusted Zones: trust

- Untrusted Zones: untrust

- Parent Device Group: shared

The customer wants to forward to a Splunk SIEM the logs that are generated by users that are connected to Prisma Access for Mobile Users. Which two settings must the customer configure? (Choose two.)

    Correct Answer: B, D

    To forward logs generated by users connected to Prisma Access for Mobile Users to a Splunk SIEM, first configure Cortex Data Lake log forwarding and add the Splunk syslog server to enable logs to be sent to the desired SIEM (B). Additionally, configure a Log Forwarding profile, select the syslog checkbox, and add the Splunk syslog server. Apply this profile to all the security policy rules in the Mobile_User_Device_Group to ensure that relevant logs are forwarded correctly (D). This ensures log forwarding is set up at both the Cortex Data Lake level and at the specific log forwarding profile level.

Discussion
DavidBackham2020 (Options: BC)

It's B&C. D would be correct for on-prem firewalls, but you cannot directly forward syslog from Prisma Access. You need to forward your logs to Cortex DL (C). From there, you can forward your logs to your SIEM (B). https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-from-logging-service-to-syslog-server.html

p48m1

How is this related to the PCNSE? Isn't Cortex and Prisma part of the other dedicated certs?

mopui5154

Hi, there is another version of this question: What must be configured on Prisma Access to provide connectivity to the resources in the datacenter?

- A: Configure a mobile user gateway in the region closest to the datacenter to enable connectivity to the datacenter

- B: Configure a remote network to provide connectivity to the datacenter

- C: Configure Dynamic Routing to provide connectivity to the datacenter

- D: Configure a service connection to provide connectivity to the datacenter

secdaddy

This has been added as question 296 in this dump

secdaddy

Actually you're right - this question is still missing from examtopics (it is question 438 in the passleader dump)

UFanat (Options: BC)

Prisma Access can send logs only to Cortex Data Lake (CDL), so you need to select the Panorama/CDL checkbox in the log forwarding profile. Then you should configure CDL to forward logs to Splunk.

AbuHussain (Options: BC)

It's B&C

Micutzu (Options: BD)

I believe BD are correct. Prisma Access forwards all the logs to Cortex Data Lake by default.

Marcyy (Options: BD)

I think it's BD. https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-from-logging-service-to-syslog-server.html#id186BM029099

Plato22

Agree, should be B and D. You have to pick your syslog server.

confusion

Nope, the link you've provided is for forwarding logs from Cortex DL to Syslog server, the question is asking to forward logs from Prisma to SIEM syslog, so that shall not be applicable to the question. I think it's BC.

DatITGuyTho1337

We learning for PCNSE or Prisma Access?!

Mp84047 (Options: BC)

It's definitely B & C. It's all from Prisma, so D makes no sense, and David is right about not being able to forward directly.

Marcyy (Options: BD)

Maybe it's BC. Not sure.