Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
A company wants to use their Active Directory groups to simplify their Security policy creation from Panorama. Which configuration is necessary to retrieve groups from Panorama?
A.
Configure an LDAP Server profile and enable the User-ID service on the management interface.
B.
Configure a group mapping profile to retrieve the groups in the target template.
C.
Configure a Data Redistribution Agent to receive IP User Mappings from User-ID agents.
D.
Configure a master device within the device groups.
I am not sure what you are all relating to, but
.. AD groups are always gathered from LDAP(AD servers), so an LDAP profile must be distributed via template from Panorama. Each FW gets his groups then directly from LDAP.
The MASTER DEVICE is ONLY used for User-ID information gathering! Please take a look in Panorama Device groups, label says "master device is the firewall which Panorama gathers user ID info for use in policies". Nothing to do with groups here!
So answer CANNOT be D if the questrion is related to AD groups! Only A or B are possible.
Answer is C
Direct from Panorama, when you select a User ID Master device the check option for it specifies to store groups too.
"Store users and groups from Master Device if Reporting and Filtering on Groups is enabled in Panorama Settings"
Answer is D. To simplify the creation or modification of user- and group-based policies, you can use a Master Device to add the group names to drop-down lists in security policy rules. You need to designate a firewall as a Master Device for each device group. After you add a Master Device, the device group inherits all policies defined on the master device; for this reason, it should be a standalone, dedicated device to be used for that device group. Alternatively, you can enable username-to-user group mapping using an LDAP profile with a Group Include List.
This question is not formed right. It is asking about "retrieving groups from Panorama", but it should be about "Panorama retrieving groups from Firewall".
D is correct but you still need to get the group information on the master device (firewall) which I already configured as decried in A. Please note: You cannot configure A on Panorama.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFQCA0
I guess what I am trying to say: I don't like the question. But D seems to be the most correct answer, ignoring how the Group information is provided to the FW.
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Gab99
Highly Voted 1 year, 2 months agoJared28
1 month, 2 weeks agoJared28
1 month, 2 weeks agoscanossa
Most Recent 2 months, 1 week agoWhizdhum
4 months agoMetgatz
4 months, 1 week agodavidpm
8 months agoTAKUM1y
1 year, 6 months agoAlen
1 year, 8 months agoJMIB
1 year, 8 months agohabeeb222
1 year, 8 months agoUFanat
1 year, 9 months agomtopolovec
1 year, 10 months agoDavidBackham2020
2 years, 3 months ago