Palo Alto Networks Certified Strata Field Engineer (PCSFE) — Question 43
A cloud infrastructure architect wants to monitor NGFWs running in production on Amazon Web Services (AWS). It is known that the software firewalls are able to publish native PAN-OS metrics to AWS CloudWatch. The cloud infrastructure architect is unable to browse any firewall metrics on CloudWatch.
Which two features are needed to remediate this issue? (Choose two.)
Answer options
- A. IAM policy with action = "cloudwatch:PutMetricData"
- B. IAM policy with action = "cloudwatch:SharetMetricData"
- C. CloudWatch Monitoring with namespace = VMseries
- D. CloudWatch Monitoring with namespace = aws
Correct answer: A, C
Explanation
The correct answers are A and C. An IAM policy with the action 'cloudwatch:PutMetricData' allows the firewall to send metrics to CloudWatch, and the namespace 'VMseries' is necessary to categorize and retrieve the specific firewall metrics. Option B is incorrect because 'cloudwatch:SharetMetricData' is not a valid action, and option D is not appropriate because the AWS namespace does not pertain to the specific firewall metrics.