PSE-STRATA-PRO-24 · Question #5
PSE-STRATA-PRO-24 Question #5: Real Exam Question with Answer & Explanation
The correct answer is A. Configure Cloud Identity Engine to learn the users' IP address-user mappings from the AD. When high traffic from Palo Alto Networks NGFWs to Active Directory servers causes performance issues, optimizing the way NGFWs gather user-to-IP mappings is critical. Palo Alto Networks offers multiple ways to collect user identity information, and Cloud Identity Engine provides
Question
Options
- AConfigure Cloud Identity Engine to learn the users' IP address-user mappings from the AD
- BConfigure an NGFW as a GlobalProtect gateway, then have all users run GlobalProtect Windows
- CConfigure data redistribution to redistribute IP address-user mappings from a hub NGFW to the
- DConfigure an NGFW as a GlobalProtect gateway, then have all users run GlobalProtect agents to
Explanation
When high traffic from Palo Alto Networks NGFWs to Active Directory servers causes performance issues, optimizing the way NGFWs gather user-to-IP mappings is critical. Palo Alto Networks offers multiple ways to collect user identity information, and Cloud Identity Engine provides a solution that reduces the load on AD servers while still ensuring efficient and accurate Option A (Correct): Cloud Identity Engine allows NGFWs to gather user-to-IP mappings directly from Active Directory authentication logs or other identity sources without placing heavy traffic on the AD servers. By leveraging this feature, the NGFW can offload authentication-related tasks and efficiently identify users without overloading AD servers. This solution is scalable and minimizes the overhead typically caused by frequent User-ID queries to AD servers.
Community Discussion
No community discussion yet for this question.