Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks Exam NetSec-Generalist Topic 5 Question 8 Discussion

Actual exam question for Palo Alto Networks's NetSec-Generalist exam
Question #: 8
Topic #: 5
[All NetSec-Generalist Questions]

All branch sites in an organization have NGFWs running in production, and the organization wants to centralize its logs with Strata Logging Service.

Which type of certificate is required to ensure connectivity from the NGFWs to Strata Logging Service?

Show Suggested Answer Hide Answer
Suggested Answer: C

To centralize logs from NGFWs to the Strata Logging Service, a Root Certificate Authority (Root CA) certificate is required to ensure secure connectivity between firewalls and Palo Alto Networks' cloud-based Strata Logging Service.

Why a Root Certificate is Required?

Authenticates Firewall Connections -- Ensures NGFWs trust the Strata Logging Service.

Enables Encrypted Communication -- Protects log integrity and confidentiality.

Prevents Man-in-the-Middle Attacks -- Ensures secure TLS encryption for log transmission.

Why Other Options Are Incorrect?

A . Device

Incorrect, because Device Certificates are used for firewall management authentication, not log transmission to Strata Logging Service.

B . Server

Incorrect, because Server Certificates authenticate service endpoints, but firewalls need to trust a Root CA for secure logging connections.

D . Intermediate CA

Incorrect, because Intermediate CA certificates are used for validating certificate chains, but firewalls must trust the Root CA for establishing secure connections.

Reference to Firewall Deployment and Security Features:

Firewall Deployment -- Ensures secure log transmission to centralized services.

Security Policies -- Prevents log tampering and unauthorized access.

VPN Configurations -- Ensures VPN logs are securely sent to the Strata Logging Service.

Threat Prevention -- Ensures firewall logs are analyzed for security threats.

WildFire Integration -- Logs malware-related events to the cloud for analysis.

Zero Trust Architectures -- Ensures secure logging of all network events.

Thus, the correct answer is: C. Root


by Gayla at Mar 23, 2025, 09:37 AM

Limited Time Offer

25%

Off

Get Premium NetSec-Generalist Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Ona
3 months ago
Ugh, these certification questions are the worst. I'm just going to close my eyes and pick one. Maybe I'll get lucky and it'll be the right answer!
upvoted 0 times
Sophia
2 months ago
B) Server
upvoted 0 times
...
Arthur
2 months ago
A) Device
upvoted 0 times
...
...
Shizue
3 months ago
I'm going with 'C. Root' certificate. It's the big daddy of all certificates, so it should work, right? Plus, it sounds like the most secure option.
upvoted 0 times
Jade
2 months ago
I agree, 'C. Root' does sound like a secure choice for the certificates.
upvoted 0 times
...
Sarah
2 months ago
'A. Device' might be the best option for the NGFWs to connect to Strata Logging Service.
upvoted 0 times
...
Emerson
2 months ago
I'm not sure, maybe 'D. Intermediate CA' would be better for connectivity.
upvoted 0 times
...
Chantay
2 months ago
I think 'C. Root' is the way to go. It sounds secure.
upvoted 0 times
...
Candra
2 months ago
Let's go with 'C. Root' then, it seems like the safest choice.
upvoted 0 times
...
Carin
2 months ago
I agree with 'C. Root', it does sound like the most secure option.
upvoted 0 times
...
Nu
2 months ago
I'm not sure, maybe 'D. Intermediate CA' is needed for connectivity?
upvoted 0 times
...
Kate
2 months ago
I think 'C. Root' is the way to go. It sounds secure.
upvoted 0 times
...
...
Elke
3 months ago
I believe it's D) Intermediate CA, as it acts as a bridge between the Root CA and the end-entity certificate.
upvoted 0 times
...
Gerald
4 months ago
Wait, isn't a Device certificate used for, well, devices? I feel like that might be the right answer here, since the NGFWs are the devices we're talking about.
upvoted 0 times
...
Ligia
4 months ago
I'm not sure, but I think it might be C) Root certificate.
upvoted 0 times
...
Valene
4 months ago
Haha, I bet the answer is 'D. Intermediate CA'. That's the one that makes the most sense to me. Gotta love those certification exams and their tricky wording!
upvoted 0 times
...
Tresa
4 months ago
Hmm, I'm not so sure. Wouldn't a Root or Intermediate CA certificate be more appropriate in this case? I mean, we need to establish a chain of trust, right?
upvoted 0 times
Yuette
2 months ago
Yes, a Root certificate would be the best choice for ensuring connectivity from the NGFWs to Strata Logging Service.
upvoted 0 times
...
Antonio
2 months ago
C) Root
upvoted 0 times
...
Lashanda
2 months ago
I think you're right. We should use a Root or Intermediate CA certificate to establish that chain of trust.
upvoted 0 times
...
Ozell
2 months ago
D) Intermediate CA
upvoted 0 times
...
Trinidad
3 months ago
C) Root
upvoted 0 times
...
Ria
3 months ago
B) Server
upvoted 0 times
...
Vincent
3 months ago
A) Device
upvoted 0 times
...
...
Katlyn
4 months ago
I agree with Barbra, because Intermediate CA certificates are used for secure communication between devices and servers.
upvoted 0 times
...
Barbra
4 months ago
I think the answer is D) Intermediate CA.
upvoted 0 times
...
Sylvia
4 months ago
I think a Server certificate would be the best option to ensure secure connectivity between the NGFWs and the Strata Logging Service. After all, the logging service is the server we're connecting to.
upvoted 0 times
Shantay
2 months ago
Definitely, a Server certificate is the way to go for secure connectivity between the NGFWs and the Strata Logging Service.
upvoted 0 times
...
Brock
2 months ago
Yes, a Server certificate makes sense since we are connecting to the Strata Logging Service which acts as the server.
upvoted 0 times
...
Yvonne
3 months ago
I agree, a Server certificate would be the most appropriate choice in this scenario.
upvoted 0 times
...
Elden
3 months ago
D) Intermediate CA
upvoted 0 times
...
Rasheeda
3 months ago
C) Root
upvoted 0 times
...
Caprice
3 months ago
B) Server
upvoted 0 times
...
Josephine
4 months ago
A) Device
upvoted 0 times
...
...

Save Cancel