New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks SD-WAN-Engineer Exam - Topic 3 Question 1 Discussion

Actual exam question for Palo Alto Networks's SD-WAN-Engineer exam
Question #: 1
Topic #: 3
[All SD-WAN-Engineer Questions]

When identifying devices for IoT classification purposes, which two methods does Prisma SD-WAN use to discover devices that are not directly connected to the branch ION? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C, D

Comprehensive and Detailed Explanation

Prisma SD-WAN (formerly CloudGenix) integrates with Palo Alto Networks IoT Security to provide comprehensive visibility into all devices at a branch, including those that are not directly connected to the ION device. While the ION automatically detects and classifies devices connected directly to its interfaces via traffic inspection (DPI), DHCP, and ARP analysis, gaining visibility into off-branch devices (devices connected to downstream switches or access points) requires additional discovery mechanisms that can query the network infrastructure or ingest its logs.

1. SNMP (Simple Network Management Protocol): This is the primary active discovery method for off-branch devices. The Prisma SD-WAN ION device acts as a sensor that actively polls local network switches and wireless controllers using SNMP. By querying the ARP tables and MAC address tables (Bridge MIBs) of these intermediate network devices, the ION can identify endpoints that are connected to the switch ports, even if those endpoints are not currently sending traffic through the ION. This allows the system to map the topology and discover silent or lateral-traffic-only devices.

2. Syslog: In conjunction with SNMP, the IoT Security solution can utilize Syslog messages to discover and profile devices. Network infrastructure devices (like switches and WLAN controllers) can be configured to send Syslog messages to the collection point (which enables the IoT Security service) whenever a device connects or disconnects (e.g., port up/down events, DHCP snooping logs, or 802.1x authentication logs). These logs provide real-time data about device presence and identity (MAC/IP mappings) for devices that are not directly adjacent to the ION, ensuring 100% visibility across the branch network segments. LLDP (A) and CDP (B) are typically Link Layer discovery protocols used for discovering directly connected neighbors and do not propagate beyond the immediate link, making them unsuitable for discovering devices multiple hops away or behind a switch.


by Izetta at Dec 17, 2025, 01:54 PM

Limited Time Offer

25%

Off

Get Premium SD-WAN-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lettie
5 days ago
LLDP and SNMP for sure. Prisma SD-WAN needs to be a real detective to find those elusive IoT devices.
upvoted 0 times
...
Fausto
11 days ago
Haha, Syslog? Really? That's like trying to find a needle in a haystack. LLDP and SNMP are the way to go.
upvoted 0 times
...
Leah
16 days ago
I’m confused about CDP and LLDP; they seem similar. I think I might have seen a question where both were options, but I can't recall the specifics.
upvoted 0 times
...
Dahlia
21 days ago
I feel like Syslog is more about logging events rather than discovering devices, so I’m leaning towards LLDP and SNMP.
upvoted 0 times
...
Laurel
26 days ago
I remember practicing a question about device discovery methods, and I think SNMP was one of the options. It might be a good choice here too.
upvoted 0 times
...
Cristy
1 month ago
I think LLDP and CDP are both related to device discovery, but I'm not entirely sure which ones Prisma SD-WAN actually uses.
upvoted 0 times
...
Malinda
1 month ago
Ah, I remember this from the Prisma SD-WAN training. They use SNMP and Syslog to discover devices that aren't directly connected to the branch ION. That's the key to solving this question.
upvoted 0 times
...
Dudley
1 month ago
I'm a bit unsure about this one. I know Prisma SD-WAN has some advanced device discovery capabilities, but I can't recall the specific methods they use for indirectly connected devices. I'll have to review my notes and try to eliminate the less likely options.
upvoted 0 times
...
Adolph
2 months ago
I've worked with Prisma SD-WAN before, and I'm pretty sure it uses SNMP and Syslog to discover devices that aren't directly connected to the branch ION. Those seem like the most likely options for this question.
upvoted 0 times
...
Staci
2 months ago
Okay, let's see. I know LLDP and CDP are common protocols for discovering directly connected devices, but I'm not sure if Prisma SD-WAN uses those for indirectly connected devices. SNMP and Syslog could be possibilities, but I'll need to double-check.
upvoted 0 times
...
Stephanie
2 months ago
Hmm, this seems like a tricky one. I'll need to think carefully about the different device discovery methods used by Prisma SD-WAN.
upvoted 0 times
...
Brigette
2 months ago
I'm going with LLDP and CDP. Gotta love those good old Cisco protocols, am I right?
upvoted 0 times
...
Gayla
2 months ago
I think it's LLDP and CDP. They’re commonly used for discovery.
upvoted 0 times
...
Katie
2 months ago
LLDP and SNMP seem like the obvious choices here. Prisma SD-WAN needs to discover those sneaky devices that try to hide from the network.
upvoted 0 times
...

Save Cancel