ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSE
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

If a URL is in multiple custom URL categories with different actions, which action will take priority?
When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three )
A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing. What command could the engineer run to see the current state of the BGP state between the two devices?
Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?
Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port?
A firewall administrator has been tasked with ensuring that all firewalls forward System logs to Panorama. In which section is this configured?
DRAG DROP An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority Match the default Administrative Distances for each routing protocol.
An administrator analyzes the following portion of a VPN system log and notices the following issue "Received local id 10 10 1 4/24 type IPv4 address protocol 0 port 0, received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0." What is the cause of the issue?
Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.)
Following a review of firewall logs for traffic generated by malicious activity, how can an administrator confirm that WildFire has identified a virus?

Question 294 - PCNSE discussion

Report
Export

Information Security is enforcing group-based policies by using security-event monitoring on Windows User-ID agents for IP-to-User mapping in the network. During the rollout, Information Security identified a gap for users authenticating to their VPN and wireless networks. Root cause analysis showed that users were authenticating via RADIUS and that authentication events were not captured on the domain controllers that were being monitored Information Security found that authentication events existed on the Identity Management solution (IDM). There did not appear to be direct integration between PAN-OS and the IDM solution

How can Information Security extract and learn iP-to-user mapping information from authentication events for VPN and wireless users?

A.
Add domain controllers that might be missing to perform security-event monitoring for VPN and wireless users.
Answers
A.
Add domain controllers that might be missing to perform security-event monitoring for VPN and wireless users.
B.
Configure the integrated User-ID agent on PAN-OS to accept Syslog messages over TLS.
Answers
B.
Configure the integrated User-ID agent on PAN-OS to accept Syslog messages over TLS.
C.
Configure the User-ID XML API on PAN-OS firewalls to pull the authentication events directly from the IDM solution
Answers
C.
Configure the User-ID XML API on PAN-OS firewalls to pull the authentication events directly from the IDM solution
D.
Configure the Windows User-ID agents to monitor the VPN concentrators and wireless controllers for IP-to-User mapping.
Answers
D.
Configure the Windows User-ID agents to monitor the VPN concentrators and wireless controllers for IP-to-User mapping.
Suggested answer: C

Explanation:

According to the Palo Alto Networks documentation1, the User-ID XML API is a feature that allows external systems to send user mapping information to the firewall or Panorama using XML messages over HTTPS. The User-ID XML API can be used to integrate with third-party identity management solutions (IDM) that can provide authentication events for VPN and wireless users. Therefore, the correct answer is C.

The other options are not effective or relevant for extracting and learning IP-to-user mapping information from authentication events for VPN and wireless users:

Add domain controllers that might be missing to perform security-event monitoring for VPN and wireless users: This option would not help because the root cause analysis showed that authentication events were not captured on the domain controllers that were being monitored.

Adding more domain controllers would not change this fact, unless they were configured to receive authentication events from RADIUS servers, which is not mentioned in the scenario.

Configure the integrated User-ID agent on PAN-OS to accept Syslog messages over TLS: This option would not help because it assumes that the IDM solution can send Syslog messages over TLS, which is not mentioned in the scenario.

Moreover, Syslog messages are less reliable and secure than XML messages for user mapping information. Configure the Windows User-ID agents to monitor the VPN concentrators and wireless controllers for IP-to-User mapping: This option would not help because it assumes that the VPN concentrators and wireless controllers can provide IP-to-User mapping information, which is not mentioned in the scenario. Moreover, this option would require additional configuration and maintenance of Windows

User-ID agents, which may not be feasible or scalable.

Reference: 1: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ipaddresses-to-users/send-user-mappings-to-user-id-using-the-xml-api

Show Answer
asked 23/09/2024
Daniel Bucknor-Ankrah
41 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms