Palo Alto Networks SSE Engineer — Question 34

How can role-based access control (RBAC) for Prisma Access (Managed by Strata Cloud Manager) be used to grant each member of a security team full administrative access to manage the Security policy in a single tenant while restricting access to other tenants in a multitenant deployment?

Answer options

• A. Add the team to the Parent Tenant, select the Prisma Access Configuration Scope, and set the role to Security Administrator.
• B. Add the team to the Child Tenant, select All Apps & Services, and set the role to Security Administrator.
• C. Add the team to the Parent Tenant, select Prisma Access & NGFW Configuration, and set the role to Security Administrator.
• D. Add the team to the Child Tenant, select Prisma Access & NGFW Configuration, and set the role to Security Administrator.

Correct answer: D

Explanation

The correct answer is D because assigning the team to the Child Tenant with the Prisma Access & NGFW Configuration allows full administrative access strictly for that tenant, while restricting access to others. Options A and C incorrectly assign the team to the Parent Tenant, which would grant broader access than intended. Option B does not provide the correct configuration scope necessary for managing Security policies.