Palo Alto Networks Exam PCNSA Topic 2 Question 67 Discussion

Actual exam question for Palo Alto Networks's PCNSA exam

Question #: 67
Topic #: 2

[All PCNSA Questions]

If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?

ACreate an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL

BConfigure a frequency schedule to clear group mapping cache

CConfigure a Primary Employee ID number for user-based Security policies

DCreate a RADIUS Server profile to connect to the domain controllers using LDAPS on port 636 or 389

Show Suggested Answer

Suggested Answer: B, D

A dynamic address group populates its members dynamically using look ups for tags and tag-based filters. Tags are metadata elements or attribute-value pairs that are registered for each IP address. Tag-based filters use logical and and or operators to match the tags and determine the membership of the dynamic address group. For example, you can create a dynamic address group that includes all IP addresses that have the tags ''web-server'' and ''linux''. You can also use static tags as part of the filter criteria.Reference:Policy Object: Address Groups,Use Dynamic Address Groups in Policy,Statics vs. Dynamic Address Objects Groups

by Charisse at Jul 02, 2024, 10:25 AM

Limited Time Offer

25%

Off

Get Premium PCNSA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Janine

3 days ago

I agree with Javier, because using group mapping with Active Directory Universal Groups requires connecting to the Global Catalog server for user identification.

upvoted 0 times

...

Javier

4 days ago

I think the answer is A) Create an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL.

upvoted 0 times

...