Q: 6
When using the traffic replication feature in Prisma Access, where is the mirrored traffic directed for
analysis?
Options
Discussion
Option A here, but honestly if Palo adds support for forwarding mirrored traffic directly to a managed cloud-based analyzer that isn’t just a rebranded "internal" appliance, that would flip this to B. Until then, internal means what it means. Agree?
Option A
A
B , but if you check the official guide or lab environment, A matches most practice questions. Anyone seen this framed differently?
A unless the question was about post-event forensics, then B could make a case. But Prisma Access traffic replication is meant for live feeds to an internal security device, not just dumping data to cloud storage. Unless they've changed something recently, pretty sure it's A. Anyone see a scenario where you'd specify Panorama directly?
Its A for this one. Mirrored traffic goes to a specified internal security appliance, not SCM or cloud storage. Pretty sure that's how Prisma Access handles it.
A tbh, that's what I saw on a similar exam. Prisma Access sends the mirrored traffic straight to a specified internal security appliance for inspection, not Panorama or SCM. It's pretty clear in the docs too but open to correction if anyone knows different.
A is what I'd pick here. The traffic replication sends mirrored flows straight to an internal security appliance for inspection, not to Panorama or SCM. That's how you'd actually get real-time analysis. Correct me if I'm missing something.
A
A
Be respectful. No spam.
