Q: 5
Which Cloud Identity Engine capability will create a Security policy that uses Entra ID attributes as
the source identification?
Options
Discussion
Option D is the one that lets you create dynamic policies using Entra ID attributes as source. The other choices are more about mapping or static groups, not policy automation. Pretty sure this is what Palo Alto wants here, though let me know if you see it differently.
D imo since Cloud Dynamic User Group is the feature that maps Entra ID attributes to security policy criteria. The other options don’t directly support dynamic policy creation based on attribute changes. Pretty sure this matches what exam reports mention, but open if someone thinks otherwise.
D or maybe C, but leaning D based on similar questions. Really clear wording on this one.
Be respectful. No spam.
