Palo Alto Networks NGFW Engineer — Question 66
When considering the various methods for User-ID to learn user-to-IP address mappings, which source is considered the most accurate due to the mapping being explicitly created through an authentication event directly with the firewall?
Answer options
- A. X-Forwarded-For (XFF) headers
- B. Server monitoring
- C. GlobalProtect
- D. Authentication Portal
Correct answer: D
Explanation
The Authentication Portal is considered the most accurate source because it directly establishes user-to-IP mappings through explicit authentication events with the firewall. In contrast, X-Forwarded-For headers and server monitoring may not provide accurate mappings as they do not rely on direct user authentication events, and GlobalProtect, while useful, is not as precise as the Authentication Portal for this purpose.