Palo Alto Networks XSIAM Engineer — Question 49

A Cortex XSIAM engineer is implementing role-based access control (RBAC) and scope-based access control (SBAC) for users accessing the Cortex XSIAM tenant with the following requirements:
Users managing machines in Europe should be able to manage and control all endpoints and installations, create profiles and policies, view alerts, and initiate Live Terminal, but only for endpoints in the Europe region.
Users managing machines in Europe should not be able to create, modify, or delete new or existing user roles.
The Europe region endpoints are identified by both of the following:
Endpoint Tag = "Europe-Servers" and Endpoint Group = "Europe" for servers in Europe
Endpoint Group = "Europe" and Endpoint Tag = "Europe-Workstation" for workstations in Europe
Which two sets of implementation actions should the engineer take? (Choose two.)

Answer options

• A. Verify and confirm that SBAC mode under "Server Settings" is set to "Restrictive," and assign "EG:Europe" under the user permission scope configuration.
• B. Use the pre-defined roles, assign the "Instance Administrator" role to the user or user group managing Europe-based endpoints.
• C. Verify and confirm that SBAC mode under "Server Settings" is set to "Permissive," and assign "EG:Europe" under the user permission scope configuration.
• D. Use the pre-defined roles, assign the "Privileged IT Admin" role to the user or user group managing Europe-based endpoints.

Correct answer: A, D

Explanation

The correct answer includes option A, which ensures that SBAC is set to 'Restrictive' to limit permissions appropriately, and assigns the necessary scope for Europe. Option D is also correct as it provides a predefined role that aligns with management tasks. Options B and C do not meet the requirement of restricting user role management, making them incorrect choices.