Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 432
An engineer creates a set of rules in a Device Group (Panorama) to permit traffic to various services for a specific LDAP user group.
What needs to be configured to ensure Panorama can retrieve user and group information for use in these rules?
Answer options
- A. A service route to the LDAP server
- B. A User-ID agent on the LDAP server
- C. A Master Device
- D. Authentication Portal
Correct answer: C
Explanation
To allow Panorama to retrieve user and group information, a Master Device must be configured, as it is responsible for managing user-ID information across the network. The other options, such as a service route or User-ID agent, relate to communication or user identification but do not directly ensure that Panorama can access the necessary data.