Exam NetSec-Analyst Topic 2 Question 70 Discussion

Actual exam question for Palo Alto Networks's NetSec-Analyst exam
Question #: 70
Topic #: 2

An organization is deploying a new application that uses non-standard ports for critical services and requires strict compliance logging of all access attempts, regardless of success or failure. The security team needs to ensure these specific sessions are always logged and accessible in Strata Logging Service with high fidelity. What configuration elements on the Palo Alto Networks firewall and within Strata Logging Service are essential to meet this requirement, and how can log volume be managed efficiently for these specific services without impacting performance?

A. On firewall: Create a security policy rule allowing the application traffic and set the 'Action' to 'allow' with 'Log at Session End' enabled. In Strata Logging Service: Configure a dedicated log profile for the application to push logs to a separate data bucket. B. On firewall: Create a security policy rule for the application traffic, set the 'Action' to 'allow', and ensure 'Log at Session Start' and 'Log at Session End' are enabled. For compliance, also create a 'deny' rule before the 'allow' rule with 'Log at Session Start' enabled for the same traffic to capture failed attempts. Use a 'Custom Log Forwarding Profile' attached to these rules, configured to send relevant log types (e.g., traffic, threat, url) to Strata Logging Service. Strata Logging Service automatically handles volume. C. On firewall: Configure mirroring of all traffic to a dedicated sensor that forwards logs directly to Strata Logging Service. In Strata Logging Service: Define a custom dashboard for the mirrored logs. D. On firewall: Enable packet capture for the specific ports and export PCAP files to Strata Logging Service for analysis. In Strata Logging Service: Utilize the PCAP viewer to analyze sessions. E. On firewall: Use an 'Intra-Zone' policy with 'Log at Session End' and configure a syslog profile to send logs to a local syslog server, not Strata Logging Service, for better control over log volume.

Suggested Answer: B Vote an answer

For high-fidelity logging of all access attempts (success or failure) and efficient log management for specific services: 1. On the firewall: Enabling 'Log at Session Start' and 'Log at Session End' on both 'allow' and a preceding 'deny' rule (for the same traffic) ensures both successful and failed attempts are logged. 2. Custom Log Forwarding Profiles are crucial as they allow granular control over which log types are sent and to which log receivers (Strata Logging Service). This prevents unnecessary logs from being sent, managing volume. 3. Strata Logging Service is designed to handle large log volumes and automatically scales; it doesn't require separate data buckets for individual applications in the way suggested by Option A, but rather provides powerful query capabilities to filter data. Packet capture (D) is too resource-intensive for continuous compliance logging. Mirroring (C) is a different mechanism for full packet visibility, not direct log forwarding.

by Daisy at Apr 29, 2026, 10:11 PM

Limited Time Offer

15%

Off

Get Premium NetSec-Analyst Questions as Interactive Self Test Engine or PDF

Comments

Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

RECENT DISCUSSIONS

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Disclaimer:
Actual4test doesn't offer Real SANS and GIAC Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4test material do not contain actual actual Oracle Exam Questions or material.
Actual4test doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4test Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4test does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4test does not own or claim any ownership on any of the brands.