You log into the Protection Server and a rule you created yesterday is no longer enabled. Where can you find out what happened to the rule you created?
The correct answer is B. Audit Logs. Proofpoint’s configuration auditing documentation states that the audit area records configuration changes and identifies details such as the time the action occurred and the console user who made the change. That is exactly the type of information needed when a rule that was previously enabled is no longer enabled and the administrator wants to know what happened.
This is different from Smart Search, which is used to investigate messages and message disposition, not administrative configuration history. Alert Viewer focuses on alert events, and Log Viewer is not the primary course answer for tracing who changed a rule’s enabled state. The question is specifically about a rule’s configuration state changing between yesterday and today, which is an administrative action trail problem. In the Threat Protection Administrator course, this is precisely what audit logging is for: establishing accountability and change history for rules, settings, and other administrative modifications.
In real-world operations, Audit Logs help answer questions like who disabled a rule, when it was changed, and whether the change was manual or part of another configuration update. Because the platform’s configuration-auditing feature is designed for this use case, the verified and course-aligned answer is B. Audit Logs.