Palo Alto Networks PSE-Strata-Pro-24 Exam - Topic 1 Question 15 Discussion

Actual exam question for Palo Alto Networks's PSE-Strata-Pro-24 exam
Question #: 15
Topic #: 1

A company plans to deploy identity for improved visibility and identity-based controls for least privilege access to applications and data. The company does not have an on-premises Active Directory (AD) deployment, and devices are connected and managed by using a combination of Entra ID and Jamf.

Which two supported sources for identity are appropriate for this environment? (Choose two.)

Suggested Answer: C, D

In this scenario, the company does not use on-premises Active Directory and manages devices with Entra ID and Jamf, which implies a cloud-native and modern management setup. Below is the evaluation of each option:

Option A: Captive portal

Captive portal is typically used in environments where identity mapping is needed for unmanaged devices or guest users. It provides a mechanism for users to authenticate themselves through a web interface.

However, in this case, the company is managing devices using Entra ID and Jamf, which means identity information can already be centralized through other means. Captive portal is not an ideal solution here.

This option is not appropriate.

Option B: User-ID agents configured for WMI client probing

WMI (Windows Management Instrumentation) client probing is a mechanism used to map IP addresses to usernames in a Windows environment. This approach is specific to on-premises Active Directory deployments and requires direct communication with Windows endpoints.

Since the company does not have an on-premises AD and is using Entra ID and Jamf, this method is not applicable.

This option is not appropriate.

Option C: GlobalProtect with an internal gateway deployment

GlobalProtect is Palo Alto Networks' VPN solution, which allows for secure remote access. It also supports identity-based mapping when deployed with internal gateways.

In this case, GlobalProtect with an internal gateway can serve as a mechanism to provide user and device visibility based on the managed devices connecting through the gateway.

This option is appropriate.

Option D: Cloud Identity Engine synchronized with Entra ID

The Cloud Identity Engine provides a cloud-based approach to synchronize identity information from identity providers like Entra ID (formerly Azure AD).

In a cloud-native environment with Entra ID and Jamf, the Cloud Identity Engine is a natural fit as it integrates seamlessly to provide identity visibility for applications and data.

This option is appropriate.



Contribute your Thoughts:

Lottie
5 days ago
I think Cloud Identity Engine synchronized with Entra ID could be one of the answers, but I'm a bit confused about the other options.
upvoted 0 times
...
Dorcas
11 days ago
I remember studying about identity sources, but I'm not entirely sure which ones are compatible with Entra ID.
upvoted 0 times
...
Brittani
17 days ago
I'm confident I can narrow this down to the two correct answers. The cloud-based identity options like Entra ID and Cloud Identity Engine are the way to go here.
upvoted 0 times
...
Yolando
22 days ago
I'm a bit confused by the "User-ID agents configured for WMI client probing" option. That doesn't seem like it would be appropriate for this cloud-based setup.
upvoted 0 times
...
Francesco
27 days ago
Okay, I think I've got it. The key is to focus on the identity management tools mentioned, like Entra ID and Jamf, and choose the options that would integrate well with those.
upvoted 0 times
...
Nadine
1 month ago
Hmm, the lack of on-premises AD deployment is an important detail. I'll need to think through the supported identity sources that would work in this environment.
upvoted 0 times
...
Glendora
1 month ago
This question seems straightforward, but I want to make sure I understand the requirements correctly before selecting the answers.
upvoted 0 times
...
Shenika
2 months ago
I agree with Floyd. Option D) seems like a suitable source for identity in this scenario.
upvoted 0 times
...
Reyes
2 months ago
D is the way to go, for sure. Synchronized identities? That's like having your own personal identity bodyguard.
upvoted 0 times
...
Bo
3 months ago
I'm going with B and C. WMI client probing and GlobalProtect? That's the IT equivalent of a spy thriller.
upvoted 0 times
Markus
2 months ago
GlobalProtect with an internal gateway deployment does sound pretty cool.
upvoted 0 times
...
Lezlie
2 months ago
I agree, WMI client probing sounds like something out of a spy movie.
upvoted 0 times
...
...
Raymon
3 months ago
Definitely go with D. Cloud Identity Engine and Entra ID? That's like peanut butter and jelly, just a match made in heaven.
upvoted 0 times
Samira
2 months ago
A: Definitely agree, D is the way to go for sure.
upvoted 0 times
...
...
Floyd
3 months ago
I think option D) Cloud Identity Engine synchronized with Entra ID could be a good choice since devices are managed by Entra ID.
upvoted 0 times
...
Letha
3 months ago
D and A seem like the best options here. I mean, who doesn't love a good captive portal, am I right? It's like a surprise party for your internet connection!
upvoted 0 times
Micaela
3 months ago
I agree, Captive portal adds a fun element to the identity deployment.
upvoted 0 times
...
Tish
3 months ago
D and A are great choices! Captive portal is always fun.
upvoted 0 times
...
...