- Home
- Palo Alto Networks
- Palo Alto Networks Certified Network Security Engineer Exam
- PaloAltoNetworks.PCNSE.v2026-01-15.q174
- Question 155
Valid PCNSE Dumps shared by ExamDiscuss.com for Helping Passing PCNSE Exam! ExamDiscuss.com now offer the newest PCNSE exam dumps, the ExamDiscuss.com PCNSE exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com PCNSE dumps with Test Engine here:
Access PCNSE Dumps Premium Version
(375 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 155/174
An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory. What must be configured in order to select users and groups for those rules from Panorama? The Security rules must be targeted to a firewall in the device group and have Group Mapping configured.
Correct Answer: A
To create Security rules in Panorama that reference specific users and groups from Active Directory (AD), the Panorama-managed firewalls need access to user-to-group mapping information. This is achieved through Group Mapping, which relies on User-ID functionality. In a Panorama-managed environment, a "master device" must be designated within the device group to provide this Group Mapping data. The master device is a firewall that retrieves user and group information from AD (via LDAP or User-ID agent) and shares it with other firewalls in the device group. This ensures consistent user-based policies across all devices in the group.
Option B (User-ID Redistribution) is incorrect because redistribution is used to share IP-to-user mappings, not group mappings, and is typically configured between firewalls or via Panorama's User-ID redistribution feature, not a requirement for selecting users/groups in rules. Option C (User-ID Certificate profile) is unrelated, as it pertains to certificate-based authentication, not AD group mapping. Official documentation specifies that a master device with Group Mapping configured is essential for this scenario.
Reference: Palo Alto Networks Administrator's Guide, PAN-OS 11.2, "User-ID" section - Group Mapping Configuration; Panorama Administrator's Guide, "Device Groups" section.
Option B (User-ID Redistribution) is incorrect because redistribution is used to share IP-to-user mappings, not group mappings, and is typically configured between firewalls or via Panorama's User-ID redistribution feature, not a requirement for selecting users/groups in rules. Option C (User-ID Certificate profile) is unrelated, as it pertains to certificate-based authentication, not AD group mapping. Official documentation specifies that a master device with Group Mapping configured is essential for this scenario.
Reference: Palo Alto Networks Administrator's Guide, PAN-OS 11.2, "User-ID" section - Group Mapping Configuration; Panorama Administrator's Guide, "Device Groups" section.
- Question List (174q)
- Question 1: An administrator configures a preemptive active-passive high...
- Question 2: A company has a PA-3220 NGFW at the edge of its network and ...
- Question 3: An administrator is tasked to provide secure access to appli...
- Question 4: What can the Log Forwarding built-in action with tagging be ...
- Question 5: A firewall administrator configures the HIP profiles on the ...
- Question 6: Which feature of Panorama allows an administrator to create ...
- Question 7: An administrator plans to install the Windows-Based User-ID ...
- Question 8: When a new firewall joins a high availability (HA) cluster, ...
- Question 9: An engineer is monitoring an active/active high availability...
- Question 10: A firewall architect is attempting to install a new Palo Alt...
- Question 11: Which statement regarding HA timer settings is true?...
- Question 12: An administrator has been asked to configure active/active H...
- Question 13: Refer to the exhibit. (Exhibit) Using the above screenshot o...
- Question 14: An administrator accidentally closed the commit window/scree...
- Question 15: Which two profiles should be configured when sharing tags fr...
- Question 16: A firewall administrator to have visibility on one segment o...
- Question 17: A firewall engineer needs to patch the company's Palo Alto N...
- Question 18: When backing up and saving configuration files, what is achi...
- Question 19: Which three authentication types can be used to authenticate...
- Question 20: An organization uses the User-ID agent to control access to ...
- Question 21: Which tool can gather information about the application patt...
- Question 22: Which log type is supported in the Log Forwarding profile?...
- Question 23: An engineer troubleshoots a high availability (HA) link that...
- Question 24: Given the following snippet of a WildFire submission log did...
- Question 25: Based on the images below, what is the correct order in whic...
- Question 26: An engineer is reviewing the following high availability (HA...
- Question 27: A network security administrator has an environment with mul...
- Question 28: Which new PAN-OS 11.0 feature supports IPv6 traffic?...
- Question 29: Which type of zone will allow different virtual systems to c...
- Question 30: What are the two behavior differences between Highlight Unus...
- Question 31: What can be used as an Action when creating a Policy-Based F...
- Question 32: An administrator notices that an interface configuration has...
- Question 33: How can a firewall engineer bypass App-ID and content inspec...
- Question 34: A root cause analysis investigation into a recent security i...
- Question 35: Which three split tunnel methods are supported by a globalPr...
- Question 36: After switching to a different WAN connection, users have re...
- Question 37: Given the following configuration, which route is used for d...
- Question 38: What should an administrator consider when planning to rever...
- Question 39: A company has configured a URL Filtering profile with overri...
- Question 40: A firewall administrator is configuring an IPSec tunnel betw...
- Question 41: A firewall administrator manages sets of firewalls which hav...
- Question 42: What type of NAT is required to configure transparent proxy?...
- Question 43: Exhibit. (Exhibit) Given the screenshot, how did the firewal...
- Question 44: Which configuration change will improve network reliability ...
- Question 45: A superuser is tasked with creating administrator accounts f...
- Question 46: A company wants to deploy IPv6 on its network which requires...
- Question 47: Which two actions would be part of an automatic solution tha...
- Question 48: A firewall administrator has been tasked with ensuring that ...
- Question 49: Which interface type should a firewall administrator configu...
- Question 50: When creating a Policy-Based Forwarding (PBF) rule, which tw...
- Question 51: A firewall engineer at a company is researching the Device T...
- Question 52: Which two profiles should be configured when sharing tags fr...
- Question 53: While troubleshooting an issue, a firewall administrator per...
- Question 54: An administrator plans to install the Windows-Based User-ID ...
- Question 55: An organization wants to begin decrypting guest and BYOD tra...
- Question 56: A security engineer is informed that the vulnerability prote...
- Question 57: A network security engineer is attempting to peer a virtual ...
- Question 58: For company compliance purposes, three new contractors will ...
- Question 59: Following a review of firewall logs for traffic generated by...
- Question 60: Which log type would provide information about traffic block...
- Question 61: A new application server 192.168.197.40 has been deployed in...
- Question 62: Which two actions must an engineer take to configure SSL For...
- Question 63: In the New App Viewer under Policy Optimizer, what does the ...
- Question 64: A threat intelligence team has requested more than a dozen S...
- Question 65: An engineer troubleshoots a Panorama-managed firewall that i...
- Question 66: (Exhibit) Based on the screenshots above, and with no config...
- Question 67: What is the best description of the Cluster Synchronization ...
- Question 68: A security engineer needs firewall management access on a tr...
- Question 69: Based on the routing and interface information below, what s...
- Question 70: To connect the Palo Alto Networks firewall to AutoFocus, whi...
- Question 71: During the implementation of SSL Forward Proxy decryption, a...
- Question 72: When configuring a GlobalProtect Portal, what is the purpose...
- Question 73: How does Panorama prompt VMWare NSX to quarantine an infecte...
- Question 74: An engineer configures a specific service route in an enviro...
- Question 75: Based on the image, what caused the commit warning? (Exhibit...
- Question 76: What are three prerequisites for credential phishing prevent...
- Question 77: ln a security-first network, what is the recommended thresho...
- Question 78: Which CLI command is used to simulate traffic going through ...
- Question 79: An administrator is troubleshooting application traffic that...
- Question 80: Based on the graphic which statement accurately describes th...
- Question 81: An organization has recently migrated its infrastructure and...
- Question 82: Which two statements correctly describe Session 380280? (Cho...
- Question 83: Which action does a firewall take when a decryption profile ...
- Question 84: A security engineer wants to upgrade the company's deployed ...
- Question 85: Match the terms to their corresponding definitions (Exhibit)...
- Question 86: An engineer needs to configure a standardized template for a...
- Question 87: Which rule type controls end user SSL traffic to external we...
- Question 88: An administrator is defining protection settings on the Palo...
- Question 89: A firewall engineer has determined that, in an application d...
- Question 90: An administrator has a Palo Alto Networks NGFW. All security...
- Question 91: A company uses GlobalProtect for its VPN and wants to allow ...
- Question 92: The firewall team has been asked to deploy a new Panorama se...
- Question 93: A firewall engineer is configuring quality of service (OoS) ...
- Question 94: A company CISO updates the business Security policy to ident...
- Question 95: An administrator needs to build Security rules in a Device G...
- Question 96: To ensure that a Security policy has the highest priority, h...
- Question 97: Which server platforms can be monitored when a company is de...
- Question 98: A company is expanding its existing log storage and alerting...
- Question 99: An administrator connects a new fiber cable and transceiver ...
- Question 100: Which administrative authentication method supports authoriz...
- Question 101: An engineer needs to collect User-ID mappings from the compa...
- Question 102: As a best practice, which URL category should you target fir...
- Question 103: A firewall engineer creates a new App-ID report under Monito...
- Question 104: How should an administrator enable the Advance Routing Engin...
- Question 105: Exhibit. (Exhibit) An organization has Palo Alto Networks NG...
- Question 106: Which two scripting file types require direct upload to the ...
- Question 107: A firewall administrator has been tasked with ensuring that ...
- Question 108: A customer requires that virtual systems with separate virtu...
- Question 109: What must be configured to apply tags automatically based on...
- Question 110: Which three actions can Panorama perform when deploying PAN-...
- Question 111: An administrator has two pairs of firewalls within the same ...
- Question 112: When creating a Policy-Based Forwarding (PBF) policy, which ...
- Question 113: Which conditions must be met when provisioning a high availa...
- Question 114: An administrator notices interface ethernet1/2 failed on the...
- Question 115: An administrator Just enabled HA Heartbeat Backup on two dev...
- Question 116: A firewall engineer creates a NAT rule to translate IP addre...
- Question 117: A network security administrator has been tasked with deploy...
- Question 118: A firewall engineer is tasked with defining signatures for a...
- Question 119: An enterprise Information Security team has deployed policie...
- Question 120: Which tool will allow review of the policy creation logic to...
- Question 121: A company configures its WildFire analysis profile to forwar...
- Question 122: An administrator has purchased WildFire subscriptions for 90...
- Question 123: When using certificate authentication for firewall administr...
- Question 124: An administrator is troubleshooting why video traffic is not...
- Question 125: When you import the configuration of an HA pair into Panoram...
- Question 126: An organization is interested in migrating from their existi...
- Question 127: What does the User-ID agent use to find login and logout eve...
- Question 128: An administrator has been tasked with configuring decryption...
- Question 129: Review the screenshots. (Exhibit) What is the most likely re...
- Question 130: Which function does the HA4 interface provide when implement...
- Question 131: If an administrator wants to apply QoS to traffic based on s...
- Question 132: An engineer is configuring a firewall with three interfaces:...
- Question 133: Users are intermittently being cut off from local resources ...
- Question 134: A company wants to use GlobalProtect as its remote access VP...
- Question 135: An administrator configures a site-to-site IPsec VPN tunnel ...
- Question 136: An administrator needs to evaluate a recent policy change th...
- Question 137: Which translated port number should be used when configuring...
- Question 138: Which two components are required to configure certificate-b...
- Question 139: Which protocol is natively supported by GlobalProtect Client...
- Question 140: A firewall administrator is configuring an IPSec tunnel betw...
- Question 141: What must be taken into consideration when preparing a log f...
- Question 142: Which CLI command displays the physical media that are conne...
- Question 143: In which two scenarios is it necessary to use Proxy IDs when...
- Question 144: An internal audit team has requested additional information ...
- Question 145: An administrator is using Panorama to manage multiple firewa...
- Question 146: Which template values will be configured on the firewall if ...
- Question 147: Which two methods can be configured to validate the revocati...
- Question 148: An enterprise network security team is deploying VM-Series f...
- Question 149: Certain services in a customer implementation are not workin...
- Question 150: Review the information below. A firewall engineer creates a ...
- Question 151: SSL Forward Proxy decryption is configured, but the firewall...
- Question 152: After implementing a new NGFW, a firewall engineer sees a Vo...
- Question 153: A network security engineer needs to enable Zone Protection ...
- Question 154: What happens when the log forwarding built-in action with ta...
- Question 155: An administrator needs to build Security rules in a Device G...
- Question 156: Which three statements accurately describe Decryption Mirror...
- Question 157: The firewall is not downloading IP addresses from MineMeld. ...
- Question 158: An administrator has configured OSPF with Advanced Routing e...
- Question 159: Why are external zones required to be configured on a Palo A...
- Question 160: An engineer is tasked with deploying SSL Forward Proxy decry...
- Question 161: Which User-ID mapping method should be used in a high-securi...
- Question 162: A network administrator wants to deploy SSL Forward Proxy de...
- Question 163: How does an administrator schedule an Applications and Threa...
- Question 164: Which two factors should be considered when sizing a decrypt...
- Question 165: What happens when an A/P firewall pair synchronizes IPsec tu...
- Question 166: An engineer reviews high availability (HA) settings to under...
- Question 167: If a URL is in multiple custom URL categories with different...
- Question 168: The UDP-4501 protocol-port is to between which two GlobalPro...
- Question 169: Which two virtualization platforms officially support the de...
- Question 170: An administrator wants to use LDAP, TACACS+, and Kerberos as...
- Question 171: What is the best definition of the Heartbeat Interval?...
- Question 172: What are three prerequisites to enable Credential Phishing P...
- Question 173: A firewall engineer supports a mission-critical network that...
- Question 174: Why would a traffic log list an application as "not-applicab...
[×]
Download PDF File
Enter your email address to download PaloAltoNetworks.PCNSE.v2026-01-15.q174.pdf