Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 138

How can an administrator configure the firewall to automatically quarantine a device using GlobalProtect?

Answer options

• A. by adding the device's Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined device
• B. by exporting the list of quarantined devices to a pdf or csv file by selecting PDF/CSV at the bottom of the Device Quarantine page and leveraging the appropriate XSOAR playbook
• C. by using security policies, log forwarding profiles, and log settings
• D. there is no native auto-quarantine feature so a custom script would need to be leveraged

Correct answer: C

Explanation

The correct answer is C because using security policies, log forwarding profiles, and log settings allows for automated responses to quarantine devices based on specific criteria. Options A and B are incorrect as they describe manual processes instead of automation. Option D is also incorrect as it overlooks the capabilities provided by security policies in the firewall configuration.