PCNSE: Extracting IP-to-User Mapping Information from Authentication Events

Learn how to extract IP-to-user mapping information from authentication events for VPN and wireless users on Palo Alto Networks next-generation firewalls.

Question

Information Security is enforcing group-based policies by using security-event monitoring on Windows User-ID agents for IP-to-User mapping in the network. During the rollout, Information Security identified a gap for users authenticating to their VPN and wireless networks.

Root cause analysis showed that users were authenticating via RADIUS and that authentication events were not captured on the domain controllers that were being monitored. Information Security found that authentication events existed on the Identity Management solution (IDM). There did not appear to be direct integration between PAN-OS and the IDM solution.

How can Information Security extract and learn IP-to-user mapping information from authentication events for VPN and wireless users?

A. Configure the integrated User-ID agent on PAN-OS to accept Syslog messages over TLS.
B. Configure the User-ID XML API on PAN-OS firewalls to pull the authentication events directly from the IDM solution.
C. Add domain controllers that might be missing to perform security-event monitoring for VPN and wireless users.
D. Configure the Windows User-ID agents to monitor the VPN concentrators and wireless controllers for IP-to-User mapping.

Answer

B. Configure the User-ID XML API on PAN-OS firewalls to pull the authentication events directly from the IDM solution.

Explanation

In this scenario, authentication events for VPN and wireless users are not captured on the monitored domain controllers, and there doesn't appear to be direct integration between PAN-OS and the Identity Management solution (IDM). To address this, Information Security can configure the User-ID XML API on PAN-OS firewalls to pull the authentication events directly from the IDM solution. This allows the firewalls to extract and learn IP-to-user mapping information from authentication events for VPN and wireless users.
