
Palo Alto Networks PSE-Prisma Cloud: What RQL Query Returns Traffic to Internet or Suspicious IPs Exceeding 1GB?

Learn the correct Resource Query Language (RQL) string that uses network query attributes to return all traffic destined for Internet or Suspicious IPs that also exceeds 1GB. Discover the solution and understand the syntax to master RQL queries for your certification exam.

Question

Which Resource Query Language (RQL) string using network query attributes returns all traffic destined for Internet or Suspicious IPs that also exceeds 1GB?

A. network from vpc.flow_record where publicnetwork = ( ‘Internet IPs’, ‘Suspicious IPs’ ) AND bytes > 1000000000
B. network from vpc.flow_record where bytes > 1GB and destination = ‘Internet IPs’ OR ‘Suspicious IPs’
C. show traffic from vpc.flow_record where destination.network = ( ‘Internet IPs’, ‘Suspicious IPs’ ) AND bytes > 1000000000
D. network from vpc.flow_record where dest.publicnetwork IN ( ‘Internet IPs’, ‘Suspicious IPs’ ) AND bytes > 1000000000

Answer

D. network from vpc.flow_record where dest.publicnetwork IN ( ‘Internet IPs’, ‘Suspicious IPs’ ) AND bytes > 1000000000

Explanation

The RQL query in option D correctly uses the following elements to return the desired traffic:

  1. “network from vpc.flow_record” specifies that we are querying network traffic from the VPC flow records.
  2. “where dest.publicnetwork IN ( ‘Internet IPs’, ‘Suspicious IPs’ )” filters the traffic based on the destination public network attribute, which should be either “Internet IPs” or “Suspicious IPs”. The “IN” operator is used to check if the value matches any of the options within the parentheses.
  3. “AND bytes > 1000000000” adds an additional condition to the query, ensuring that only traffic exceeding 1GB (1,000,000,000 bytes) is returned.

The other options have the following issues:

A. The “publicnetwork” attribute is used instead of “dest.publicnetwork”, which is incorrect. It also uses “AND” instead of “OR” for the public network values.

B. The syntax is incorrect, using “1GB” instead of the actual byte value (1000000000). It also uses “AND” and “OR” incorrectly.

C. The query starts with “show traffic” instead of “network”, and uses “destination.network” instead of “dest.publicnetwork”.

Therefore, option D provides the correct RQL query to return all traffic destined for Internet or Suspicious IPs that also exceeds 1GB.
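To see what the option-D filter actually selects, here is an added Python example (not from this page or from Prisma Cloud) that parses this one RQL shape and applies it to constructed VPC flow records; the record field names are assumed to mirror the RQL attribute names, and the query shapes of options A and B are rejected because they do not use IN with a numeric byte threshold.

```python
"""Added example (not from the original page): evaluate the option-D RQL
filter over constructed VPC flow records."""
import re

# Constructed sample flow records; keys are assumed to mirror RQL attribute names.
FLOW_RECORDS = [
    {"dest.publicnetwork": "Internet IPs",   "bytes": 2_500_000_000},
    {"dest.publicnetwork": "Suspicious IPs", "bytes": 1_000_000_001},
    {"dest.publicnetwork": "Suspicious IPs", "bytes": 1_000_000_000},  # not strictly > 1GB
    {"dest.publicnetwork": "Internet IPs",   "bytes": 512_000_000},
    {"dest.publicnetwork": "Internal IPs",   "bytes": 9_000_000_000},  # wrong destination class
]

QUERY = ("network from vpc.flow_record where "
         "dest.publicnetwork IN ( 'Internet IPs', 'Suspicious IPs' ) "
         "AND bytes > 1000000000")

# Only the narrow shape used in option D: <attr> IN ( ... ) AND bytes > <integer>.
_PATTERN = re.compile(
    r"^network from vpc\.flow_record where\s+"
    r"(?P<attr>[\w.]+)\s+IN\s*\(\s*(?P<values>[^)]*)\)\s+"
    r"AND\s+bytes\s*>\s*(?P<threshold>\d+)\s*$",
    re.IGNORECASE,
)

def parse_query(query):
    """Return (attribute, allowed values, byte threshold) for the option-D shape.
    Raises ValueError for the shapes the page calls out as wrong, e.g. a '1GB'
    literal instead of a byte count, or '=' instead of IN."""
    m = _PATTERN.match(query)
    if not m:
        raise ValueError("unsupported RQL shape: " + query)
    # Accept straight or typographic quotes so text copied from the page still parses.
    values = {v.strip().strip("'\"\u2018\u2019")
              for v in m.group("values").split(",") if v.strip()}
    return m.group("attr"), values, int(m.group("threshold"))

def is_valid_query(query):
    try:
        parse_query(query)
        return True
    except ValueError:
        return False

def run_query(query, records):
    attr, allowed, threshold = parse_query(query)
    # Conjunction: destination class in the allowed set AND strictly more bytes than the threshold.
    return [r for r in records if r.get(attr) in allowed and r["bytes"] > threshold]

if __name__ == "__main__":
    for rec in run_query(QUERY, FLOW_RECORDS):
        print(rec)
```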
