Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 409

A superuser is tasked with creating administrator accounts for three contractors. For compliance purposes, all three contractors will be working with different device-groups in their hierarchy to deploy policies and objects.

Which type of role-based access is most appropriate for this project?

Answer options

• A. Create a Dynamic Admin with the Panorama Administrator role.
• B. Create a Dynamic Read only superuser.
• C. Create a Device Group and Template Admin.
• D. Create a Custom Panorama Admin.

Correct answer: C

Explanation

The correct answer is C because a Device Group and Template Admin role allows specific access to designated device-groups, ensuring each contractor can manage their respective policies without interfering with others. The other options either provide too much or too little access, which does not meet the project's compliance requirements.