Palo Alto Networks Network Security Analyst — Question 2

To comply with new regulations, a company requires all traffic logs related to the "HR-App" application across all Security policies be sent to a compliance syslog server. A Log Forwarding profile already exists to send logs to a default syslog server.
What is the most efficient process for configuring an NGFW to comply with the new regulations without disrupting existing traffic logs being sent to the default syslog server?

Answer options

• A. Edit the existing Log Forwarding profile by adding a new match list consisting of Log Forwarding filter for the application named "HR-App" to direct logs to the compliance syslog server.
• B. Create a new Log Forwarding profile, update the profile with the details of the compliance syslog server and attach the profile to the relevant Security policy rule.
• C. Edit the existing Log Forwarding profile, add a new entry, use the filter builder to match on application "HR-App, " and add the details for the compliance syslog server.
• D. Create a Log Forwarding profile and enable the predefined filter for "Application" In the associated dropdown, select or create a new application object with the name "HR-App," and add the details for the compliance syslog server.

Correct answer: C

Explanation

Option C is correct because it allows for the modification of the existing Log Forwarding profile to include specific logging for the 'HR-App' without disrupting the current log flow to the default syslog server. Options A and D are incorrect as they do not efficiently address the requirement to modify the existing flow, while option B creates a new profile which could complicate the logging process instead of streamlining it.