Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 190

If using group mapping with Active Directory Universal Groups, what must you do when configuring the User ID?

Answer options

• A. Configure a Primary Employee ID number for user-based Security policies.
• B. Create a RADIUS Server profile to connect to the domain controllers using LDAPS on port 636 or 389.
• C. Create an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL.
• D. Configure a frequency schedule to clear group mapping cache.

Correct answer: C

Explanation

The correct answer is C because an LDAP Server profile is necessary to connect to the Global Catalog server for effective group mapping. Option A is incorrect as it pertains to user-based security policies, which are not directly related to group mapping. Option B refers to RADIUS configurations, which are not essential for this specific task, and option D discusses cache management, which is not a requirement in this context.