Palo Alto Networks (PANW) Certified Network Security Administrator (PCNSA) Practice Exam

What is the remaining step for the security engineer to optimize syslog message forwarding after deploying the M-100 appliances?

• A. Enable individual syslog forwarding on each firewall
• B. Configure Collector Log Forwarding
• C. Install additional M-100 appliances
• D. Revert to individual syslog configurations

The correct answer is: Configure Collector Log Forwarding

The choice to configure Collector Log Forwarding is the correct step to optimize syslog message forwarding after deploying the M-100 appliances. The M-100 is a central management appliance designed by Palo Alto Networks to streamline and enhance the management of multiple firewalls. One of its primary functions includes consolidating logs from various sources, and configuring Collector Log Forwarding allows these logs to be efficiently collected and sent to the M-100 for centralized management and analysis. By utilizing Collector Log Forwarding, the security engineer can take full advantage of the capabilities offered by the M-100 appliance, such as improved performance in log handling, enhanced analysis tools, and the ability to correlate logs from multiple firewalls. This centralizes and simplifies log management, leading to better insights and reporting. In contrast, enabling individual syslog forwarding on each firewall would create a decentralized logging environment, which is contrary to the purpose of deploying the M-100. Installing additional M-100 appliances may not be necessary for optimizing the existing setup if the current infrastructure can handle the log management effectively. Lastly, reverting to individual syslog configurations would negate the benefits of having a centralized model with the M-100 appliance and would not contribute to optimization in this context.