Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?
A . PAN-OS integrated User-ID agent
B . LDAP Server Profile configuration
C . GlobalProtect
D . Windows-based User-ID agent
Answer: C
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/user-id-concepts/user-mapping/globalprotect.html
Because GlobalProtect users must authenticate to gain access to the network, the IP address-to-username mapping is explicitly known.
Because GlobalProtect users must authenticate to gain access to the network, the IP address-to-username mapping is explicitly known. This is the best solution in sensitive environments where you must be certain of who a user is in order to allow access to an application or service. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/user-id-concepts/user-mapping/globalprotect.html
"On sensitive and high security networks, WMI probing increases the overall attack surface, and administrators are recommended to disable WMI probing and instead rely
upon User-ID mappings obtained from more isolated and trusted sources, such as domain
controllers. If you are using the User-ID Agent to parse AD security event logs, syslog
messages, or the XML API to obtain User-ID mappings, then WMI probing should be
disabled. Captive portal can be used as a fallback mechanism to re-authenticate users
where security event log data may be stale."
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVPCA0
Latest PCNSE Dumps Valid Version with 280 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund