Palo Alto Networks Exam PCNSE Topic 4 Question 69 Discussion

Actual exam question for Palo Alto Networks's PCNSE exam

Question #: 69
Topic #: 4

Information Security is enforcing group-based policies by using security-event monitoring on Windows User-ID agents for IP-to-User mapping in the network. During the rollout, Information Security identified a gap for users authenticating to their VPN and wireless networks.

Root cause analysis showed that users were authenticating via RADIUS and that authentication events were not captured on the domain controllers that were being monitored Information Security found that authentication events existed on the Identity Management solution (IDM). There did not appear to be direct integration between PAN-OS and the IDM solution

How can Information Security extract and learn iP-to-user mapping information from authentication events for VPN and wireless users?

AAdd domain controllers that might be missing to perform security-event monitoring for VPN and wireless users.

BConfigure the integrated User-ID agent on PAN-OS to accept Syslog messages over TLS.

CConfigure the User-ID XML API on PAN-OS firewalls to pull the authentication events directly from the IDM solution

DConfigure the Windows User-ID agents to monitor the VPN concentrators and wireless controllers for IP-to-User mapping.

Show Suggested Answer

Suggested Answer: C

User-ID group mapping is a feature that allows Panorama to retrieve user and group information from directory services such as LDAP or Active Directory1. This information can be used to enforce security policies based on user identity and group membership.

To configure User-ID group mapping on Panorama, you need to perform the following steps1:

Select Panorama > User Identification > Group Mapping Settings

Click Add and enter a name for the server profile

Select a Server Type (LDAP or Active Directory)

Click Add and enter the server details (IP address, port number, etc.)

Click OK

Select Group Include List and click Add

Select the groups that you want to include in the group mapping

Click OK

Commit your changes

By configuring User-ID group mapping on Panorama, you can see and choose from a list of usernames and user groups directly inside the Panorama policies when creating new security rules2.

by Simona at Apr 23, 2023, 10:57 AM

Limited Time Offer

25%

Off

Get Premium PCNSE Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Maybelle

1 days ago

Hmm, this seems like a tricky one. I'd say the best option is C, as it allows us to directly extract the IP-to-user mapping from the IDM solution, which seems to be the root of the problem.

upvoted 0 times

...

Tegan

8 days ago

I'm not sure about option B. I think option C might be a better solution. Configuring the User-ID XML API on PAN-OS firewalls to pull authentication events directly from the IDM solution could provide more accurate and detailed information for mapping.

upvoted 0 times

...

Rebbeca

9 days ago

I agree with Phyliss. Option B seems like the most efficient way to extract IP-to-user mapping information from authentication events. It's important to ensure we are capturing all relevant data for security monitoring.

upvoted 0 times

...

Phyliss

14 days ago

I think option B is the best choice. Configuring the integrated User-ID agent on PAN-OS to accept Syslog messages over TLS will allow us to capture authentication events for VPN and wireless users.

upvoted 0 times

...