Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 221

A network security engineer has applied a File Blocking profile to a rule with the action of Block. The user of a Linux CLI operating system has opened a ticket.
The ticket states that the user is being blocked by the firewall when trying to download a TAR file. The user is getting no error response on the system.
Where is the best place to validate if the firewall is blocking the user's TAR file?

Answer options

• A. Threat log
• B. Data Filtering log
• C. WildFire Submissions log
• D. URL Filtering log

Correct answer: B

Explanation

The Data Filtering log is the most appropriate place to check for file blocking activities, as it specifically records instances where files are blocked based on configured profiles. The Threat log primarily tracks security threats, the WildFire Submissions log records files sent for analysis, and the URL Filtering log monitors web traffic and blocked URLs, not individual file types.