Given the information, what is the best choice for deploying User-ID to ensure maximum coverage?

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged.

Given the information, what is the best choice for deploying User-ID to ensure maximum coverage?
A . Syslog listener
B. agentless User-ID with redistribution
C. standalone User-ID agent
D. captive portal

Answer: C

Explanation:

A syslog listener is a User-ID agent that listens for syslog messages from network devices that contain user mapping information, such as network access control systems, domain controllers, or MDM solutions. By configuring a syslog listener on the firewall or Panorama and specifying the syslog format and filters, User-ID can parse the syslog messages and extract user mapping information from multiple sources. Agentless User-ID with redistribution is a method of using an existing firewall as a User-ID agent that redistributes user mappings to other firewalls or Panorama. This method does not involve syslog messages. A standalone User-ID agent is a software application that runs on a Windows server and collects user mappings from Active Directory servers or other sources. This method requires installing and managing a separate agent software. A captive portal is a web page that prompts users to authenticate before accessing certain network resources. This method does not involve syslog messages. References:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/syslog-monitoring.html

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/user-id-agents.html

Latest PCNSE Dumps Valid Version with 280 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments