Exam PCSFE
Question 89

A cloud infrastructure architect wants to monitor NGFW in production running on Amazon Web Services (AWS). It is known that the software firewalls are able to publish native PAN-OS metrics to AWS CloudWatch. The cloud infrastructure architect is unable to browse any firewall metrics on CloudWatch.

Which two features are needed to remediate this issue? (Choose two.)

    Correct Answer: A, C

    To remediate the issue of not being able to browse firewall metrics on CloudWatch, the IAM policy must have the action 'cloudwatch:PutMetricData', which allows the software firewall to publish its metrics to CloudWatch. Additionally, monitoring with the correct namespace is essential; the namespace for custom metrics (such as those published by third-party applications like the NGFW) should not start with 'aws'. Therefore, using the namespace 'VMseries' ensures the firewall metrics are categorized correctly in CloudWatch.
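
As an added example (not part of the exam page or of Palo Alto Networks' documentation), an offline check of an IAM policy document against the two conditions named in the explanation above. The function name `can_publish`, the sample policies, and the case-insensitive treatment of the `AWS` prefix are assumptions; only `StringEquals` on the `cloudwatch:namespace` condition key is modelled, and `NotAction` is not.

```python
import fnmatch

ACTION = "cloudwatch:PutMetricData"

def _as_list(value):
    """IAM accepts a single string or a list for Action and condition values."""
    return [value] if isinstance(value, str) else list(value)

def _matches_action(stmt, action):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in _as_list(stmt.get("Action", [])))

def _condition_ok(stmt, namespace):
    # Assumption: only StringEquals on cloudwatch:namespace is evaluated.
    cond = stmt.get("Condition", {}).get("StringEquals", {})
    allowed = cond.get("cloudwatch:namespace")
    return allowed is None or namespace in _as_list(allowed)

def can_publish(policy, namespace):
    """Return (ok, reason) for publishing custom metrics to `namespace`."""
    # Assumption: the prefix is rejected regardless of case.
    if namespace.upper().startswith("AWS"):
        return False, "namespace must not begin with AWS"
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    hits = [s for s in statements
            if _matches_action(s, ACTION) and _condition_ok(s, namespace)]
    if any(s.get("Effect") == "Deny" for s in hits):
        return False, "explicit Deny on " + ACTION  # Deny always wins
    if any(s.get("Effect") == "Allow" for s in hits):
        return True, "ok"
    return False, "no Allow for " + ACTION

# Constructed sample policies (not taken from any real deployment).
MISSING = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["cloudwatch:GetMetricData"], "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "cloudwatch:PutMetricData", "Resource": "*",
    "Condition": {"StringEquals": {"cloudwatch:namespace": "VMseries"}}}}

if __name__ == "__main__":
    for label, policy, ns in [("missing", MISSING, "VMseries"),
                              ("scoped", SCOPED, "VMseries"),
                              ("scoped", SCOPED, "AWS/Firewall")]:
        print(label, ns, can_publish(policy, ns))
```

Scoping the Allow with the `cloudwatch:namespace` condition key, as in `SCOPED`, keeps the instance role from writing metrics into any other namespace.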

Discussion
VanFanel

Options: AC

AC probably correct: https://docs.paloaltonetworks.com/vm-series/11-1/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/deploy-the-vm-series-firewall-on-aws/enable-cloudwatch-monitoring-on-the-vm-series-firewall

javim

I think you are right.

"Edit the IAM role to grant the following permissions: "Action": [ "cloudwatch:PutMetricData"" Answer is A.

"Enter the CloudWatch Namespace to which the firewall can publish metrics. The namespace cannot begin with AWS." Answer is C.