Question 18 - Palo Alto Networks PCNSE (PAN OS 11) Real Exam Questions [Jan 2026 Update]

Q: 18

Which User-ID mapping method should be used in a high-security environment where all IP address- to-user mappings should always be explicitly known?

Options

Correct Answer:

Explanation

GlobalProtect provides the most explicit and reliable method for IP address-to-user mapping in a high-security context. When a user connects via the GlobalProtect agent, they must actively authenticate. This process directly provides the firewall with a verified mapping of the user's identity to their specific IP address for the duration of the session. This active, authentication-based approach ensures that all mappings are explicitly known and validated, which is a fundamental requirement for high-security environments, unlike passive methods which can have gaps or delays.

Why Incorrect

A. PAN-OS integrated User-ID agent: This primarily uses passive methods like security log scraping, which may not capture every mapping event in real-time, making it less explicit than required.

C. Windows-based User-ID agent: Similar to the integrated agent, this relies on passive monitoring of server logs (e.g., domain controller logs), which is not as definitive as direct user authentication.

D. LDAP Server Profile configuration: An LDAP Server Profile is used to query a directory for user authentication and group membership; it does not, by itself, create an IP-to-user mapping.

References

1. Palo Alto Networks Documentation (PAN-OS 10.2)

"User-ID Concepts > User Mapping": This section details the various methods for mapping users to IP addresses. It describes GlobalProtect as a method where the agent

upon successful user authentication

provides the user and group information to the User-ID agent on the gateway. This direct submission of authenticated user data makes it an explicit mapping source.

2. Palo Alto Networks Documentation (PAN-OS 10.2)

"GlobalProtect": The GlobalProtect documentation explains that its core function is to authenticate users to establish secure connectivity. This authentication event is the source of the user-to-IP mapping

making it a highly reliable and explicit source of User-ID information.

3. Palo Alto Networks Documentation (PAN-OS 10.2)

"Configure the PAN-OS Integrated User-ID Agent to Monitor a Server": This document describes the server monitoring method used by the integrated and Windows-based agents. It states

"The firewall monitors the security event logs...for user login and logout events." This confirms the passive nature of the agent-based methods

which is less suitable for environments where mappings must always be explicitly known.

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE