Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 282

The NetSec Manager asked to create a new EMEA Regional Panorama Administrator profile with customized privileges. In particular, the new EMEA Regional Panorama Administrator should be able to:

Access only EMEA-Regional device groups with read-only privileges
Access only EMEA-Regional templates with read-only privileges

What is the correct configuration for the new EMEA Regional Panorama Administrator profile?

Answer options

• A. Administrator Type = Device Group and Template Admin Admin Role = EMEA_Regional_Admin_read_only Access Domain = EMEA-Regional
• B. Administrator Type = Dynamic - Admin Role = Superuser (read-only)
• C. Administrator Type = Dynamic - Admin Role = Panorama Administrator
• D. Administrator Type = Custom Panorama Admin Profile = EMEA Regional Admin_read_only

Correct answer: A

Explanation

Option A is correct as it assigns the appropriate Administrator Type and Admin Role that meet the requirement of read-only access to both device groups and templates specific to the EMEA region. The other options do not provide the correct combination of access or roles required for the specified tasks, as they either offer broader permissions or do not align with the read-only criteria.