Exam PSE-Strata-Pro-24 Topic 3 Question 18 Discussion
Actual exam question for Palo Alto Networks's PSE-Strata-Pro-24 exam
Question #: 18
Topic #: 3
Question #: 18
Topic #: 3
A current NGFW customer has asked a systems engineer (SE) for a way to prove to their internal management team that its NGFW follows Zero Trust principles. Which action should the SE take?
Suggested Answer: B Vote an answer
To demonstrate compliance with Zero Trust principles, a systems engineer can leverage the rich reporting and logging capabilities of Palo Alto Networks firewalls. The focus should be on creating reports that align with the customer's Zero Trust strategy, providing detailed insights into policy enforcement, user activity, and application usage.
* Option A:Scheduling a pre-built PDF report does not offer the flexibility to align the report with the customer's specific Zero Trust plan. While useful for automated reporting, this option is too generic for demonstrating Zero Trust compliance.
* Option B (Correct):Custom reportsin the "Monitor > Manage Custom Reports" tab allow the customer to build tailored reports that align with their Zero Trust plan. These reports can include granular details such as application usage, user activity, policy enforcement logs, and segmentation compliance. This approach ensures the customer can present evidence directly related to their Zero Trust implementation.
* Option C:Using a third-party tool is unnecessary as Palo Alto Networks NGFWs already have built-in capabilities to log, report, and demonstrate policy enforcement. This option adds complexity and may not fully leverage the native capabilities of the NGFW.
* Option D:TheApplication Command Center (ACC)is useful for visualizing traffic and historical data but is not a reporting tool. While it can complement custom reports, it is not a substitute for generating Zero Trust-specific compliance reports.
References:
* Managing Reports in PAN-OS: https://docs.paloaltonetworks.com
* Zero Trust Monitoring and Reporting Best Practices: https://www.paloaltonetworks.com/zero-trust
* Option A:Scheduling a pre-built PDF report does not offer the flexibility to align the report with the customer's specific Zero Trust plan. While useful for automated reporting, this option is too generic for demonstrating Zero Trust compliance.
* Option B (Correct):Custom reportsin the "Monitor > Manage Custom Reports" tab allow the customer to build tailored reports that align with their Zero Trust plan. These reports can include granular details such as application usage, user activity, policy enforcement logs, and segmentation compliance. This approach ensures the customer can present evidence directly related to their Zero Trust implementation.
* Option C:Using a third-party tool is unnecessary as Palo Alto Networks NGFWs already have built-in capabilities to log, report, and demonstrate policy enforcement. This option adds complexity and may not fully leverage the native capabilities of the NGFW.
* Option D:TheApplication Command Center (ACC)is useful for visualizing traffic and historical data but is not a reporting tool. While it can complement custom reports, it is not a substitute for generating Zero Trust-specific compliance reports.
References:
* Managing Reports in PAN-OS: https://docs.paloaltonetworks.com
* Zero Trust Monitoring and Reporting Best Practices: https://www.paloaltonetworks.com/zero-trust
by Georgia at Apr 13, 2025, 04:52 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).