Which data flow describes redistribution of user mappings?
Which data flow describes redistribution of user mappings?
Redistribution of user mappings involves the transfer of user mapping information between firewalls. User ID mapping information, once gathered, needs to be shared across different network segments for consistent enforcement of security policies. This redistribution ensures that all parts of the network have the latest information about user identities, regardless of where the information was initially collected. Hence, the correct data flow describing redistribution of user mappings is from firewall to firewall.
D - Firewall to firewall or Firewall to Panorama
D - Firewall to Firewall https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/firewall-deployment-for-user-id-redistribution.html#ide3661b46-4722-4936-bb9b-181679306809
D is correct
correct answer is D
D. if it was collection of user ID it would be A, but instead is redistritbution. check example below. https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/configure-firewalls-to-redistribute-user-mapping-information/firewall-deployment-for-user-id-redistribution.html#id127bc778-ffec-49c4-a9b2-5cf7b044be6e
Answer: D (https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/firewall-deployment-for-user-id-redistribution.html)
This one is a little confusing but I do believe that the right answer is "A". Step 3-1 says "Configure the firewall to function as a User-ID agent. If redistribution enables the firewall to function as a User-ID agent for other devices then the correct data flow would be "User-ID agent to firewall" The answer is A https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/configure-firewalls-to-redistribute-user-mapping-information/configure-user-id-redistribution.html#idc123940a-367d-4515-b45e-29c1d0aa2bd1 In later version of the PANOS documentation it doesn't mention configuring the firewall as a User-Id agent specifically but all the configuration for redistribution is done within the User-ID agent configuration itself. See Step 1-3 in the doc link below. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/configure-user-id-redistribution
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/user-identification/device-user-identification-user-mapping/user-id-agent-setup/user-id-agent-setup-redistribution.html
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/firewall-deployment-for-user-id-redistribution#ide3661b46-4722-4936-bb9b-181679306809
Should be D
A..from the PCNSE study guide revised Aug 2020 To map IP addresses to usernames, User-ID agents monitor sources such as directory servers. The agents send the user mappings to firewalls, Log Collectors, or Panorama. Each appliance then can serve as redistribution points that forward the mappings to other firewalls, Log Collectors, or Panorama. Before a firewall or Panorama can collect user mappings, you must configure its connections to the User-ID agents or redistribution points. More information about this topic can be found here: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-web-interface
"The agents send the user mappings to firewalls, Log Collectors, or Panorama." so far not redistribution - just collection... then it says "Each appliance then can serve as redistribution points that forward the mappings to other firewalls, Log Collectors, or Panorama." so for it to be considered as redistribution it has to come from a firewall, panorama, or log collector. taht only leaves option "D" as an option as its the only one that sources userID from a fw, panorama ,or log collector.
D is correct
PCNSE Study Guide 2023 1.4.4 Firewalls share user mappings and authentication timestamps as part of the same redistribution flow; you do not have to configure redistribution separately for each information type.
User-ID agent can be on a firewall or it can be on a Windows server, so I believe that the answer is A
D. Redistribution supported only on FW, Log Collector, and Panorama
https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/dita/_graphics/7-1/user-id/User-ID_Redistribution.png D is correct