Quiz 12 Flashcards
Which User-ID component and mapping method is recommended for web clients that do not use the domain server?
Select one:
a. Terminal Services agent
b. Captive Portal
c. GlobalProtect
d. XML API
Captive Portal
Which port does the Palo Alto Networks Windows-based User-ID agent use by default?
Select one:
a. TCP port 443
b. TCP port 80
c. TCP port 4125
d.
TCP port 5007
TCP port 5007
The User-ID feature identifies the user and IP address of the computer the user is logged into for Next Generation firewall policy enforcement.
Select one:
True
False
True
Which two statements are true regarding User-ID and firewall configuration?
Choose the 2 correct choices.
If you choose an incorrect choice your question score will be deducted
Select one or more:
a.
The USER-ID agent must be installed on the domain controller
b.
The firewall needs to have information for every USER-ID agent for which it will connect
c.
NETBIOS is the only client-probing method supported by the USER-ID agent
d.
Communication between the firewall and USER-ID agent are sent over an encrypted SSL connection
The firewall needs to have information for every USER-ID agent for which it will connect
Communication between the firewall and USER-ID agent are sent over an encrypted SSL connection
Which statement is true regarding User-ID and Security policy rules?
Select one:
a.
The Source IP and Source User fields cannot be used in the same policy.
b.
If the user associated with an IP address cannot be determined, all traffic from that address will be dropped.
c.
The Source User field can match only users, not groups.
d.
Users can be used in policy rules only if they are known by the firewall
Users can be used in policy rules only if they are known by the firewall
Which item is not a valid choice when the Source User field is configured in a Security policy rule?
Select one:
a.
unknown
b.
all
c.
known-user
d.
any
all
