Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 250

An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory.
What must be configured in order to select users and groups for those rules from Panorama?

Answer options

• A. The Security rules must be targeted to a firewall in the device group and have Group Mapping configured.
• B. User-ID Redistribution must be configured on Panorama to ensure that all firewalls have the same mappings.
• C. A master device with Group Mapping configured must be set in the device group where the Security rules are configured.
• D. A User-ID Certificate profile must be configured on Panorama.

Correct answer: C

Explanation

The correct answer is C because having a master device with Group Mapping allows the device group to utilize the same user and group information across the firewalls. Option A is incorrect as merely targeting a firewall and having Group Mapping is not enough without a master device. Option B is not applicable since User-ID Redistribution alone does not ensure proper selection of users and groups for the rules. Option D is not relevant to selecting users and groups for Security rules.