PCNSA Question #325: Real Exam Question with Answer & Explanation

Question

The Net Sec Manager asked to create a new Firewall Operator profile with customized privileges. In particular, the new firewall operator should be able to: Check the configuration with read-only privilege for LDAP, RADIUS, TACACS+, and SAML as Server profiles to be used inside an Authentication profile. The firewall operator should not be able to access anything else. What is the right path m order to configure the new firewall Administrator Profile?

Options

• ADevice > Admin Roles > Add > Web UI > Device > Server Profiles
• BDevice > Admin Roles > Add > Web UI > Objects > Server Profiles
• CDevice > Admin Roles > Add >Web UI > Objects > Authentication Profile
• DDevice > Admin Roles > Add > Web UI > Device > Authentication Profile

Explanation

To grant read-only privileges for LDAP, RADIUS, TACACS+, and SAML Server profiles within a custom administrator role, you must navigate to Device > Admin Roles > Add > Web UI > Device > Server Profiles.

Common mistakes.

• B. 'Objects' typically refers to reusable network objects like addresses, services, and applications, not system-level authentication server profiles which reside under the 'Device' section.
• C. While authentication profiles use server profiles, the server profiles themselves are configured under 'Device,' and restricting access solely to 'Authentication Profile' under 'Objects' might not grant visibility to the underlying server profiles.
• D. Although 'Authentication Profile' is under 'Device,' the specific request is for visibility into the 'LDAP, RADIUS, TACACS+, and SAML as Server profiles,' which are distinct configurations found under the 'Server Profiles' sub-section within 'Device'.

Concept tested. Custom administrator role configuration for server profiles

Reference. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/authentication/configure-a-custom-administrator-role.html

No community discussion yet for this question.