Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 553

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain?

Answer options

• A. a Security policy with 'known-user' selected in the Source User field
• B. a Security policy with 'unknown' selected in the Source User field
• C. an Authentication policy with 'known-user' selected in the Source User field
• D. an Authentication policy with 'unknown' selected in the Source User field

Correct answer: D

Explanation

The correct answer is D because selecting 'unknown' in the Source User field allows the system to authenticate users from devices that are not recognized on the corporate domain. Options A and C both require a 'known-user', which is not applicable for new BYOD devices. Option B lacks the necessary authentication mechanism for user identification.