Q: 9
[Data Ingestion and Integration]
In addition to using valid authentication credentials, what is required to enable the setup of the
Database Collector applet on the Broker VM to ingest database activity?
Options
Discussion
I don't think it's B or D here. The collector applet setup just asks for a valid SQL query that pulls the activity you want, not access to logs. Option A matches what I've seen in similar practice material. Happy if someone sees it differently but pretty sure A's correct since the others are more for audit/forensic cases.
A . Seen this in a lab before, just need a valid SQL query for the applet to ingest data.
Setup needs a valid SQL query so the Database Collector knows what data to ingest, so A fits best. Accessing logs (B or D) is more for continuous monitoring, but for initial setup the query is critical. Seen similar in exam prep materials too. I think A is right but always possible there’s some corner case I missed-anyone seen otherwise?
Not D, it's A here since you need a valid SQL query for setup not just log access.
C/D? The key here is the collector applet expects a valid SQL query for ingestion but if the database isn't configured to expose those tables, then B or D could matter. Pretty sure it's A unless the environment locks down custom queries. Anyone disagree?
Yeah, it's A. You need a valid SQL query as part of the collector setup process.
A imo. The setup process really focuses on needing a valid SQL query to pull the right activity, not just log access or schema. Not 100% on this but that's how I've seen it in practice.
B is tempting since audit logs are often used for monitoring, but for the Database Collector applet you actually need to provide a valid SQL query (A) during setup. That's how you specify which events or activity should be ingested. Palo Alto's docs highlight the SQL query piece, so I'd go A here. If anyone can point to a use case where B is required instead, I'm interested.
I was actually thinking B, since access to the audit log is usually important for tracking database activity. Not 100% sure though.
A is my pick, is correct here. Had something like this in a mock and it wanted a valid SQL query as part of the config process for the Database Collector applet, not just audit log or schema access. Pretty sure about this but open to pushback if I missed something subtle.
Be respectful. No spam.
