ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSA All Questions

View all questions & answers for the PCNSA exam
Go to Exam

Exam PCNSA topic 1 question 58 discussion

Actual exam question from Palo Alto Networks's PCNSA
Question #: 58
Topic #: 1
[All PCNSA Questions]

Your company has 10 Active Directory domain controllers spread across multiple WAN links. All users authenticate to Active Directory. Each link has substantial network bandwidth to support all mission-critical applications. The firewall's management plane is highly utilized.
Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

  • A. Windows-based agent on a domain controller
  • B. Captive Portal
  • C. Citrix terminal server agent with adequate data-plane resources
  • D. PAN-OS integrated agent
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Rowdy_47 at Sept. 22, 2021, 2:02 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Rowdy_47
Highly Voted 2 years ago
Although, the Windows-based agent and the PAN-OS integrated agent perform the same basic tasks, they use different underlying communication protocols. This difference makes each agent more appropriate for different environments. The Windows-based agent uses MS-RPC, which requires the full Windows Security logs to be sent to the agent, where they are filtered for the relevant User-ID information. The PAN-OS integrated agent uses either the Windows Management Instrumentation, of WMI, or the Windows Remote Management Protocol, or WinRM which enables the agent to retrieve only the User-ID information from the Windows Security logs. The result is that, in an infrastructure with remote networks separated with WAN links, the integrated agent is more appropriate for reading remote logs and the Windows-based agent is more appropriate for reading local logs.However, uses of the integrated agent is not without cost: it consumes more of the firewall’s management plane resources. For this reason, deployment of the Windows agent at remote sites and having them forward the relevant User-ID information to firewall on a central network often is beneficial.
upvoted 5 times
...
ericli87
Most Recent 5 months, 4 weeks ago
if A is "Windows-based User-ID agent on a standalone server", so maybe C is the better solution?
upvoted 2 times
...
BeforeScope
8 months, 3 weeks ago
Selected Answer: A
With passive server monitoring, a User-ID agent(either a Windows-based or integrated User-ID agent) monitors the Security logs for user login or logout events for the specified Microsoft domain controllers: [Palo Alto Networks]
upvoted 1 times
...
javim
1 year, 3 months ago
Selected Answer: A
I think A In an infrastructure with remote networks separated by WAN links, the integrated agent is more appropriate for reading remote logs and the Windows-based agent is more appropriate for reading local logs. However, use of the integrated agent is not without cost: It consumes more of the firewall’s management plane resources. For this reason, deployment of the Windows agent at remote sites and having them forward the relevant User-ID information to a firewall on a central network often is beneficial.
upvoted 2 times
...
Cyril_the_Squirl
1 year, 11 months ago
A is Correct. https://docs.paloaltonetworks.com/compatibility-matrix/user-id-agent/where-can-i-install-the-user-id-agent.html#id8f750af3-799f-4546-8b9e-a44a23b5b5c0
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago