Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 537
A firewall administrator wants to avoid overflowing the company syslog server with traffic logs.
What should the administrator do to prevent the forwarding of DNS traffic logs to syslog?
Answer options
- A. Disable logging on security rules allowing DNS.
- B. Go to the Log Forwarding profile used to forward traffic logs to syslog. Then, under traffic logs match list, create a new filter with application not equal to DNS.
- C. Go to the Log Forwarding profile used to forward traffic logs to syslog. Then, under traffic logs match list, create a new filter with application equal to DNS.
- D. Create a security rule to deny DNS traffic with the syslog server in the destination.
Correct answer: B
Explanation
The correct answer is B: in the Log Forwarding profile, a traffic log match-list filter specifying that the application is not equal to DNS keeps DNS traffic logs from being forwarded to the syslog server. Option A simply disables logging for DNS traffic, which may be too broad an action. Option C filters DNS logs in instead of excluding them, and Option D would block DNS traffic entirely rather than just managing the log forwarding.