Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 474
A root cause analysis investigation into a recent security incident reveals that several decryption rules have been disabled. The security team wants to generate email alerts when decryption rules are changed.
How should email log forwarding be configured to achieve this goal?
Answer options
- A. With the relevant system log filter inside Device > Log Settings
- B. With the relevant configuration log filter inside Device > Log Settings
- C. With the relevant configuration log filter inside Objects > Log Forwarding
- D. With the relevant system log filter inside Objects > Log Forwarding
Correct answer: B
Explanation
Option B is correct because changes to the configuration, including changes to decryption rules, are recorded in the configuration log, and the configuration log filter in Device > Log Settings is where forwarding of those entries is set up. The other options rely on system logs or on the wrong location, so they would not generate alerts when decryption rules are changed.