nerdexam
Palo_Alto_Networks

PCCSE · Question #161

Anomaly policy uses which two logs to identify unusual network and user activity? (Choose two.)

The correct answer is A. Network flow B. Audit. Prisma Cloud anomaly policies rely on two primary log sources to detect unusual behavior. Network flow logs (A) are used to baseline and identify abnormal network traffic patterns, such as port scans, unusual data volumes, or connections to suspicious IPs. Audit logs (B) capture

Security Operations and Incident Response

Question

Anomaly policy uses which two logs to identify unusual network and user activity? (Choose two.)

Options

  • ANetwork flow
  • BAudit
  • CTraffic
  • DUsers

How the community answered

(35 responses)
  • A
    89% (31)
  • C
    9% (3)
  • D
    3% (1)

Explanation

Prisma Cloud anomaly policies rely on two primary log sources to detect unusual behavior. Network flow logs (A) are used to baseline and identify abnormal network traffic patterns, such as port scans, unusual data volumes, or connections to suspicious IPs. Audit logs (B) capture API-level user activity and are used to detect unusual user behavior such as logins from atypical geolocations, credential abuse, or access pattern anomalies. Traffic (C) and Users (D) are not distinct log types used by anomaly policies in Prisma Cloud's terminology - the platform specifically references 'network flow' and 'audit' logs as the two sources for anomaly detection.

Topics

#Anomaly Detection#Security Logs#Network Security#User Activity Monitoring

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice