Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Question 406

An administrator wants to configure the Palo Alto Networks Windows User-ID agent to map IP addresses to usernames.

The company uses four Microsoft Active Directory servers and two Microsoft Exchange servers, which can provide logs for login events.

All six servers have IP addresses assigned from the following subnet: 192.168.28.32/27.

The Microsoft Active Directory servers reside in 192.168.28.32/28, and the Microsoft Exchange servers reside in 192.168.28.48/28.

What information does the administrator need to provide in the User Identification > Discovery section?

the IP-address and corresponding server type (Microsoft Active Directory or Microsoft Exchange) for each of the six servers

network 192.168.28.32/28 with server type Microsoft Active Directory and network 192.168.28.48/28 with server type Microsoft Exchange

one IP address of a Microsoft Active Directory server and “Auto Discover” enabled to automatically obtain all five of the other servers

network 192.168.28.32/27 with server type Microsoft

Correct Answer: A

To configure the Palo Alto Networks Windows User-ID agent to map IP addresses to usernames, the administrator needs to provide the IP address and corresponding server type (Microsoft Active Directory or Microsoft Exchange) for each of the six servers. This is because auto-discovery only works with domain controllers in the local domain and not with Exchange servers. As the company uses four Active Directory servers and two Exchange servers, detailed and precise server information is needed for accurate mapping.

Discussion

chrisy042Option: A

To collect all of the required mappings, the User-ID agent must connect to all servers that your users log in to in order to monitor the security log files on all servers that contain login events. Auto-discovery locates domain controllers in the local domain only; you must manually add Exchange servers, eDirectory servers, and syslog senders. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-user-mapping-using-the-windows-user-id-agent/configure-the-windows-based-user-id-agent-for-user-mapping

mz101Option: A

Yes, should be A.

Frightened_AcrobatOption: A

What chrisy said.

327c7c8Option: D

the discovery option work only with Active Directory not Microsoft exchange nor the Novell eDirectory. so the correct answer would be (D)

SH_Option: A

A because auto-discovery does not work with Exchange servers. It would be C if there were only Active Directory DCs.

MarshpillowzOption: A

A is forrect

MetgatzOption: A

A is the correct option