Palo Alto Networks SSE Engineer — Question 19

An engineer configures User-ID redistribution from an on-premises firewall connected to Prisma Access (Managed by Panorama) using a service connection. After committing the configuration, traffic from remote network connections is still not matching the correct user-based policies.
Which two configurations need to be validated? (Choose two.)

Answer options

• A. Ensure the Remote_Network_Template is selected when adding the User-ID Agent in Panorama.
• B. Confirm there is a Security policy configured in Prisma Access to allow the communication on port 5007.
• C. Confirm the Collector Pre-Shared Keys match between Prisma Access and the on-premises firewall.
• D. Ensure the Service_Conn_Template is selected when adding the User-ID Agent in Panorama.

Correct answer: A, C

Explanation

Option A is correct because selecting the appropriate template is essential for the User-ID Agent to function correctly. Option C is also correct since mismatched Pre-Shared Keys would prevent proper communication between the firewall and Prisma Access. Options B and D are incorrect as they do not directly address the specific configurations required for User-ID redistribution to work.