PCNSE Question #754: Real Exam Question with Answer & Explanation

The correct answer is D: Block the destination IP addresses of selected unwanted traffic.. The Log Forwarding built-in action with tagging dynamically registers IP address tags to the firewall's User-ID and Dynamic Address Group (DAG) infrastructure. When a log matches the defined criteria, the firewall tags the associated destination IP address. Security policy rules

Submitted by brentm· Apr 18, 2026Deploy and Configure

Question

What can the Log Forwarding built-in action with tagging be used to accomplish?

Options

AForward selected logs to the Azure Security Center.
BBlock the destination zones of selected unwanted traffic.
CBlock the source zones of selected unwanted traffic.
DBlock the destination IP addresses of selected unwanted traffic.

Explanation

The Log Forwarding built-in action with tagging dynamically registers IP address tags to the firewall's User-ID and Dynamic Address Group (DAG) infrastructure. When a log matches the defined criteria, the firewall tags the associated destination IP address. Security policy rules referencing a DAG containing that tag will then block traffic to those destination IPs. This enables automated enforcement in response to observed threats. Options A (Azure Security Center forwarding) and B/C (blocking zones) are not functions of the tagging built-in action - zone-based blocking is not possible through tagging, and log forwarding to Azure uses a different mechanism (Syslog/HTTP profiles).

Topics

#Log Forwarding#IP Tagging#Security Policies#Dynamic Address Groups

Community Discussion

No community discussion yet for this question.

Full PCNSE Practice Browse All PCNSE Questions