Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 514

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged.
Given the information, what is the best choice for deploying User-ID to ensure maximum coverage?

Answer options

• A. agentless User-ID with redistribution
• B. Syslog listener
• C. captive portal
• D. standalone User-ID agent

Correct answer: B

Explanation

The correct answer is B, as a Syslog listener can effectively aggregate authentication logs from various sources, ensuring comprehensive visibility across the network. The other options, while useful in specific scenarios, do not provide the same level of integration and coverage needed for tracking user identities across multiple authentication methods.