
Palo Alto Networks Exam PCNSE Topic 4 Question 69 Discussion

Actual exam question for Palo Alto Networks's PCNSE exam
Question #: 69
Topic #: 4

Information Security is enforcing group-based policies by using security-event monitoring on Windows User-ID agents for IP-to-User mapping in the network. During the rollout, Information Security identified a gap for users authenticating to their VPN and wireless networks.

Root cause analysis showed that users were authenticating via RADIUS and that authentication events were not captured on the domain controllers that were being monitored. Information Security found that authentication events existed on the Identity Management solution (IDM). There did not appear to be direct integration between PAN-OS and the IDM solution.

How can Information Security extract and learn IP-to-user mapping information from authentication events for VPN and wireless users?

Suggested Answer: C

User-ID group mapping is a feature that allows Panorama to retrieve user and group information from directory services such as LDAP or Active Directory [1]. This information can be used to enforce security policies based on user identity and group membership.

To configure User-ID group mapping on Panorama, you need to perform the following steps [1]:

1. Select Panorama > User Identification > Group Mapping Settings
2. Click Add and enter a name for the server profile
3. Select a Server Type (LDAP or Active Directory)
4. Click Add and enter the server details (IP address, port number, etc.)
5. Click OK
6. Select Group Include List and click Add
7. Select the groups that you want to include in the group mapping
8. Click OK
9. Commit your changes

By configuring User-ID group mapping on Panorama, you can see and choose from a list of usernames and user groups directly inside the Panorama policies when creating new security rules [2].


Contribute your Thoughts:

Maybelle
11 days ago
Hmm, this seems like a tricky one. I'd say the best option is C, as it allows us to directly extract the IP-to-user mapping from the IDM solution, which seems to be the root of the problem.
upvoted 0 times
...
Tegan
18 days ago
I'm not sure about option B. I think option C might be a better solution. Configuring the User-ID XML API on PAN-OS firewalls to pull authentication events directly from the IDM solution could provide more accurate and detailed information for mapping.
upvoted 0 times
...
Rebbeca
19 days ago
I agree with Phyliss. Option B seems like the most efficient way to extract IP-to-user mapping information from authentication events. It's important to ensure we are capturing all relevant data for security monitoring.
upvoted 0 times
...
Phyliss
24 days ago
I think option B is the best choice. Configuring the integrated User-ID agent on PAN-OS to accept Syslog messages over TLS will allow us to capture authentication events for VPN and wireless users.
upvoted 0 times
...
