ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 271 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 271
Topic #: 1
[All PCNSE Questions]

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain?

  • A. a Security policy with 'known-user' selected in the Source User field
  • B. a Security policy with 'unknown' selected in the Source User field
  • C. an Authentication policy with 'known-user' selected in the Source User field
  • D. an Authentication policy with 'unknown' selected in the Source User field
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by bimyo at Sept. 22, 2022, 11:29 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
blahblah1234567890000
2 months, 2 weeks ago
Selected Answer: D
Whenever a user requests a resource, the firewall evaluates Authentication policy. Based on the matching policy rule, the firewall then prompts the user to respond to one or more challenges of different factors (types), such as login and password, voice, SMS, push, or one-time password (OTP) authentication. After the user responds to all the factors, the firewall evaluates Security policy (see Policies > Security) to determine whether to allow access to the resource.
upvoted 2 times
blahblah1234567890000
2 months, 2 weeks ago
Select the source users or user groups to which the rule applies: any—Includes any traffic regardless of source user. pre-logon—Includes remote users who are not logged into their client systems but whose client systems connect to the network through the GlobalProtect pre-logon feature . known-user—Includes all users for whom the firewall already has IP address-to-username mappings before the rule evokes authentication. unknown—Includes all users for whom the firewall does not have IP address-to-username mappings. After the rule evokes authentication, the firewall creates user mappings for unknown users based on the usernames they entered. Select—Includes only the users and user groups that you Add to the Source User list.
upvoted 3 times
...
...
confusion
8 months, 3 weeks ago
Selected Answer: D
D unknown—Includes all users for whom the firewall does not have IP address-to-username mappings. After the rule evokes authentication, the firewall creates user mappings for unknown users based on the usernames they entered.
upvoted 2 times
...
TAKUM1y
9 months ago
Selected Answer: D
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/policies/policies-authentication/building-blocks-of-an-authentication-policy-rule
upvoted 2 times
...
bimyo
10 months ago
Seems D is correct, as authentication policy with with the "Unknown", as unknown—Includes all users for whom the firewall does not have IP address-to-username mappings. After the rule evokes authentication, the firewall creates user mappings for unknown users based on the usernames they entered. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/policies/policies-authentication/building-blocks-of-an-authentication-policy-rule
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago