Palo Alto Networks System Engineer – Strata — Question 42

You have a prospective customer that is looking for a way to provide secure temporary access to contractors for a designated period of time. They currently add contractors to existing user groups and create ad hoc policies to provide network access. They admit that once the contractor no longer needs access to the network, administrators are usually too busy to manually delete policies that provided access to the contractor. This has resulted in over-provisioned access that has allowed unauthorized access to their systems.
They are looking for a solution to automatically remove access for contractors once access is no longer required.
You address their concern by describing which feature in the NGFW?

Answer options

• A. Dynamic User Groups
• B. Dynamic Address Groups
• C. Multi-factor Authentication
• D. External Dynamic Lists

Correct answer: A

Explanation

Dynamic User Groups in the NGFW can automatically manage user access based on predefined criteria, ensuring that contractors lose access once it's no longer needed. This addresses the issue of over-provisioned access by automating the removal process. The other options, while useful in different contexts, do not specifically offer the same capability for managing contractor access dynamically.