Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

Palo Alto Networks Exam PCNSA Topic 2 Question 67 Discussion

Actual exam question for Palo Alto Networks's PCNSA exam

Question #: 67
Topic #: 2

[All PCNSA Questions]

If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?

ACreate an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL

BConfigure a frequency schedule to clear group mapping cache

CConfigure a Primary Employee ID number for user-based Security policies

DCreate a RADIUS Server profile to connect to the domain controllers using LDAPS on port 636 or 389

Show Suggested Answer

Suggested Answer: B, D

A dynamic address group populates its members dynamically using look ups for tags and tag-based filters. Tags are metadata elements or attribute-value pairs that are registered for each IP address. Tag-based filters use logical and and or operators to match the tags and determine the membership of the dynamic address group. For example, you can create a dynamic address group that includes all IP addresses that have the tags ''web-server'' and ''linux''. You can also use static tags as part of the filter criteria.Reference:Policy Object: Address Groups,Use Dynamic Address Groups in Policy,Statics vs. Dynamic Address Objects Groups

by Charisse at Jul 02, 2024, 10:25 AM

Limited Time Offer

25%

Off

Get Premium PCNSA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Deandrea

1 months ago

If this question is any indication, I better start 'directory' my time and study up on Active Directory. No 'universal' solutions here!

upvoted 0 times

...

Gail

1 months ago

I hope the exam doesn't have any questions about configuring coffee makers in the break room. That would really 'brew' up some confusion.

upvoted 0 times

...

Deja

1 months ago

Creating a RADIUS Server profile? That's for authentication, not User-ID. This question is really testing our Active Directory knowledge.

upvoted 0 times

Adelaide

4 days ago

D) Create a RADIUS Server profile to connect to the domain controllers using LDAPS on port 636 or 389

upvoted 0 times

...

Arminda

15 days ago

B) Configure a frequency schedule to clear group mapping cache

upvoted 0 times

...

Gianna

25 days ago

A) Create an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL

upvoted 0 times

...

...

Krystina

1 months ago

Primary Employee ID number? That's for user-based policies, not User-ID mapping. I'll have to skip that one.

upvoted 0 times

Jody

1 days ago

User 3: D) Create a RADIUS Server profile to connect to the domain controllers using LDAPS on port 636 or 389

upvoted 0 times

...

Alecia

4 days ago

User 2: B) Configure a frequency schedule to clear group mapping cache

upvoted 0 times

...

Erasmo

9 days ago

User 1: A) Create an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL

upvoted 0 times

...

...

Shawnna

2 months ago

Hmm, clearing the group mapping cache doesn't seem relevant to the User-ID configuration. I don't think that's the right answer.

upvoted 0 times

Emelda

16 days ago

C) Configure a Primary Employee ID number for user-based Security policies

upvoted 0 times

...

Abraham

1 months ago

B) Configure a frequency schedule to clear group mapping cache

upvoted 0 times

...

Theresia

1 months ago

A) Create an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL

upvoted 0 times

...

...

Benton

2 months ago

Option A seems logical, as we need to connect to the Global Catalog server to retrieve group information for User-ID mapping. I'd go with that.

upvoted 0 times

Eileen

1 months ago

User 2: Yes, it's important to have the correct LDAP Server profile set up for User-ID configuration.

upvoted 0 times

...

Josefa

1 months ago

User 1: I agree, connecting to the Global Catalog server is essential for group mapping.

upvoted 0 times

...

...

Royal

2 months ago

I'm not sure, but I think option B) Configure a frequency schedule to clear group mapping cache could also be important to ensure accurate user identification.

upvoted 0 times

...

Katheryn

2 months ago

I agree with Diane, because using group mapping with Active Directory Universal Groups requires connecting to the Global Catalog server for user identification.

upvoted 0 times

...

Diane

2 months ago

I think the answer is A) Create an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL.

upvoted 0 times

...

Mollie

3 months ago

I'm not sure, but I think option B) Configure a frequency schedule to clear group mapping cache could also be important to ensure accurate user identification.

upvoted 0 times

...

Janine

3 months ago

I agree with Javier, because using group mapping with Active Directory Universal Groups requires connecting to the Global Catalog server for user identification.

upvoted 0 times

...

Javier

3 months ago

I think the answer is A) Create an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL.

upvoted 0 times

...

az-700 pass4success az-104 200-301 200-201 cissp 350-401 350-201 350-501 350-601 350-801 350-901 az-720 az-305 pl-300

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77