Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OS® software?
The appropriate method for mapping IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OS software is the XML API. The XML API allows external systems to send user mapping information to the PAN-OS User-ID agent or firewall by using standard HTTP requests. This is necessary when the device or application does not support native integration with PAN-OS, making XML API a suitable choice for such cases.
It looks like the docs have changed and are more clear now. XML API seems to be the right answer in this case; otherwise syslog could be possible too, but that is not an answer here. Server monitoring is not right because it assumes you are using some kind of AD server. Answer: A
Server monitoring description: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/user-id-concepts/user-mapping/server-monitoring.html. XML API description: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/user-id-concepts/user-mapping/xml-api.html. Same for both PAN-OS 10 and 9.1, so should be relevant for the current exam.
A XML API is right
XML API is used for 802.1x implementation, according to Palo Alto. Server monitoring is not useful in this case as the user is not connected to a server.
User-ID provides many out-of-the-box methods for obtaining user mapping information. However, you might have applications or devices that capture user information but cannot natively integrate with User-ID. For example, you might have a custom, internally developed application or a device that no standard user mapping method supports. In such cases, you can use the PAN-OS XML API to create custom scripts that send the information to the PAN-OS integrated User-ID agent or directly to the firewall. The PAN-OS XML API uses standard HTTP requests to send and receive data. API calls can be made directly from command line utilities such as cURL or using any scripting or application framework that supports POST and GET requests.
A - XML API. Captive Portal and the other standard user mapping methods might not work for certain types of user access. For example, the standard methods cannot add mappings of users connecting from a third-party VPN solution or users connecting to a 802.1x-enabled wireless network. For such cases, you can use the PAN-OS XML API to capture login events and send them to the PAN-OS integrated User-ID agent. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/user-id-concepts/user-mapping/xml-api
C. Client Probing
Answer A is correct: The standard methods cannot add mappings of users connecting from a third-party VPN solution or users connecting to a 802.1x-enabled wireless network, for such cases, you can use the PAN-OS XML API, please refer to https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/user-id-concepts/user-mapping/xml-api
A is correct. In the PCNSE study guide: XML API: The PAN-OS XML API is used in cases where standard user mapping methods might not work—for example, as third-party VPNs or 802.1x-enabled wireless networks
This is from admin guide. It clearly says windows based agent or pan os integrated agent. With server monitoring a User-ID agent—either a Windows-based agent running on a domain server in your network, or the PAN-OS integrated User-ID agent running on the firewall— monitors the security event logs for specified Microsoft Exchange Servers, Domain Controllers, or Novell eDirectory servers for login events.
The answer is A XML API, just got from PCNSE guide - The PAN-OS XML API is used in cases where standard user mapping methods might not work—for example, as third-party VPNs or 802.1x-enabled wireless networks.
Answer is A. To enable an external system to send user mapping information to the PAN-OS integrated User-ID agent, create scripts that extract user login and logout events and use the events as input to the PAN-OS XML API request.
XML API When other methods cannot be used, User-ID can consume PAN-OS XML API user login and logout messages sent from terminal servers, NAC systems, and other network devices that can format and send XML over HTTP.
The key phrase in the question that eliminates D is "no native integration with PAN-OS® software". The correct answer is A.
XML API, question is asking for a non-native way. User-ID provides many out-of-the-box methods for obtaining user mapping information. However, you might have applications or devices that capture user information but cannot natively integrate with User-ID. For example, you might have a custom, internally developed application or a device that no standard user mapping method supports. In such cases, you can use the PAN-OS XML API to create custom scripts that send the information to the PAN-OS integrated User-ID agent or directly to the firewall.
XML API. Captive Portal and the other standard user mapping methods might not work for certain types of user access. For example, the standard methods cannot add mappings of users connecting from a third-party VPN solution or users connecting to a 802.1x-enabled wireless network. For such cases, you can use the PAN-OS XML API to capture login events and send them to the PAN-OS integrated User-ID agent. See Send User Mappings to User-ID Using the XML API for details.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/user-id-overview
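The custom-script approach discussed in this thread, as an added example that is not from the original posts or from Palo Alto Networks: it converts 802.1x RADIUS accounting Start/Stop events into a User-ID `uid-message` and the form body for a `type=user-id` API request. The event records are constructed sample data; sending the request and supplying the firewall's API key are left out.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample: accounting events as a RADIUS server behind the
# wireless controller might record them (keys follow RADIUS attribute names).
ACCOUNTING_EVENTS = [
    {"Acct-Status-Type": "Start", "User-Name": "acme\\jparker", "Framed-IP-Address": "10.1.1.23"},
    {"Acct-Status-Type": "Stop", "User-Name": "acme\\ccrisp", "Framed-IP-Address": "10.1.1.40"},
    # Supplicant-supplied identity with XML metacharacters: must be escaped.
    {"Acct-Status-Type": "Start", "User-Name": "o'brien & \"guest\" <wifi>", "Framed-IP-Address": "10.1.1.55"},
    {"Acct-Status-Type": "Start", "User-Name": "acme\\nobody", "Framed-IP-Address": "not-an-ip"},
    {"Acct-Status-Type": "Interim-Update", "User-Name": "acme\\jparker", "Framed-IP-Address": "10.1.1.23"},
]

def build_uid_message(events, timeout_minutes=60):
    """Return (uid-message XML, skipped events) for Start/Stop records."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    sections = {"Start": ET.SubElement(payload, "login"),
                "Stop": ET.SubElement(payload, "logout")}
    skipped = []
    for ev in events:
        section = sections.get(ev.get("Acct-Status-Type"))
        if section is None:
            continue  # interim updates carry no mapping change
        name = ev.get("User-Name")
        try:
            # Reject anything that is not a literal IP before it reaches the firewall.
            ip = str(ipaddress.ip_address(ev.get("Framed-IP-Address", "")))
        except ValueError:
            name = None
        if not name:
            skipped.append(ev)
            continue
        attrs = {"name": name, "ip": ip}
        if section.tag == "login":
            attrs["timeout"] = str(timeout_minutes)  # mapping lifetime in minutes
        ET.SubElement(section, "entry", attrs)  # ElementTree escapes attribute values
    for section in list(payload):
        if len(section) == 0:
            payload.remove(section)  # omit empty <login>/<logout> blocks
    return ET.tostring(root, encoding="unicode"), skipped

def build_request_body(uid_xml):
    """Form-encoded fields for the POST to the firewall's /api/ endpoint."""
    return urlencode({"type": "user-id", "cmd": uid_xml})
```

Building the XML with a library rather than string concatenation matters here because the username comes from the 802.1x supplicant and is not trusted input.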