Correct Answer is C The Windows-based User‐ID agent is installed on a Read-Only Domain Controller (RODC). The User‐ID agent collects password hashes that correspond to users for which you want to enable credential detection and sends these mappings to the firewall. The firewall then checks if the source IP address of a session matches a username and if the password submitted to the webpage belongs to that username. With this mode, the firewall blocks or alerts on the submission only when the password submitted matches a user password.

correct answer is C

In PCNSE Beacon Practice exam, confirms C but likely retired

C is a correct. A - for ip user mapping not domain https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/prevent-credential-phishing/methods-to-check-for-corporate-credential-submissions

Correct Answer is C

Correct Answer C Use Domain Credential Filter—Checks for valid corporate usernames and password submissions and verifies that the submitted credentials match the user logged into the source IP address of the session. Link: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-new-features/content-inspection-features/credential-phishing-prevention

C is the correct answer https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/prevent-credential-phishing/methods-to-check-for-corporate-credential-submissions.html#id29eff481-13de-45b9-b73c-83e2e932ba20

read carefully, question it self said using “Domain Credential Filter method” if you are using that method : detects whether a user is submitting a valid username and password and that those credentials match the user who is logged in to the source IP address of the session, Configure Credential Detection with the Windows-basedUser-IDAgent and Map IP Addresses to Users. but if you are using IP user mapping method A: would be the right answer, below the KB Enjoy! https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-new-features/content-inspection-features/credential-phishing-prevention

The answer is C, IP-User: This credential detection method checks for valid username submissions. You can use this method to detect credential submissions that include a valid corporate username (regardless of the accompanying password). Domain Credential: This credential detection method enables the firewall to check for a valid corporate username and the associated password. The firewall determines if the username and password a user submits matches the same user’s corporate username and password.

Correct answer is C

C is correct. With Domain credential method, firewall check both the username and password submitted on the untrusted/potentially phishing website.

I think it's A. Domain Credential Filter - To verify that the credentials belong to the login username—The firewall looks for a mapping between the IP address of the login username and the detected username in its IP address-to-username mapping table.

C is a correct. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/prevent-credential-phishing/methods-to-check-for-corporate-credential-submissions

C -- is the correct answer

What is the question that is being asked does the question ask about if Domain credential filter is implemented how does the credential theft detected then the answer is C, maybe Palo needs to get people to write exam questions correctly and ask what they really mean!! There is no reason to ask trick question when you are trying to test knowledge for the product!!

C is the answer, since the question asks about Domain Credential Filter credential checking. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/url-filtering/prevent-credential-phishing/methods-to-check-for-corporate-credential-submissions.html#id29eff481-13de-45b9-b73c-83e2e932ba20

Use Domain Credential Filter—Checks for valid corporate usernames and password submissions and verifies that the username maps to the IP address of the logged in user.