PCNSA Question #88: Real Exam Question with Answer & Explanation

The correct answer is D: They are used to map users to groups.. In the User-ID Group Mapping configuration (Device > User Identification > Group Mapping Settings), the 'Included Groups' field specifies which LDAP/AD groups the firewall should retrieve and map users into. The firewall uses this mapping so that security policies referencing gro

Submitted by dimitri_ru· Apr 18, 2026Configure

Question

Based on the screenshot, what is the purpose of the Included Groups?

Options

AThey are groups that are imported from RADIUS authentication servers.
BThey are the only groups visible based on the firewall's credentials.
CThey contain only the users you allow to manage the firewall.
DThey are used to map users to groups.

Explanation

In the User-ID Group Mapping configuration (Device > User Identification > Group Mapping Settings), the 'Included Groups' field specifies which LDAP/AD groups the firewall should retrieve and map users into. The firewall uses this mapping so that security policies referencing group names can match actual users. This is purely a user-to-group mapping mechanism - it does not restrict firewall management access (C), nor is it limited to RADIUS-sourced groups (A). The firewall's credentials determine what it can read from the directory (B), but the Included Groups filter which groups are actually mapped.

Topics

#User-ID#Group Mapping#Identity-based Policies#LDAP Integration

Community Discussion

No community discussion yet for this question.

Full PCNSA Practice Browse All PCNSA Questions