Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 165
A customer is replacing its legacy remote-access VPN solution. Prisma Access has been selected as the replacement. During onboarding, the following options and licenses were selected and enabled:
- Prisma Access for Remote Networks: 300Mbps
- Prisma Access for Mobile Users: 1500 Users
- Cortex Data Lake: 2TB
- Trusted Zones: trust
- Untrusted Zones: untrust
- Parent Device Group: shared
The customer wants to forward to a Splunk SIEM the logs that are generated by users that are connected to Prisma Access for Mobile Users. Which two settings must the customer configure? (Choose two.)
Answer options
- A. Configure Panorama Collector group device log forwarding to send logs to the Splunk syslog server.
- B. Configure Cortex Data Lake log forwarding and add the Splunk syslog server.
- C. Configure a log forwarding profile and select the Panorama/Cortex Data Lake checkbox. Apply the Log Forwarding profile to all of the security policy rules in Mobile_User_Device_Group.
- D. Configure a Log Forwarding profile, select the syslog checkbox, and add the Splunk syslog server. Apply the Log Forwarding profile to all of the security policy rules in the Mobile_User_Device_Group.
Correct answer: B, C
Explanation
The correct answers are B and C. Option C makes the security policy rules in Mobile_User_Device_Group send their logs to Cortex Data Lake, and option B forwards those logs from Cortex Data Lake to the Splunk syslog server. Option A is incorrect because it concerns the Panorama Collector Group, which is not necessary for this scenario. Option D is incorrect because it does not involve Cortex Data Lake, which is essential for this configuration.