Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 327

When configuring a security policy, what is a best practice for User-ID?

Answer options

• A. Use only one method for mapping IP addresses to usernames.
• B. Allow the User-ID agent in zones where agents are not monitoring services.
• C. Limit User-ID to users registered in an Active Directory server.
• D. Deny WMI traffic from the User-ID agent to any external zone.

Correct answer: D

Explanation

The correct answer is D because blocking WMI traffic from the User-ID agent to external zones helps to secure the network and prevent unauthorized access. Options A and C are not best practices as they limit flexibility and can hinder user identification. Option B may expose the User-ID agent to vulnerabilities by allowing it in unmonitored zones.