Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Palo Alto Networks Exam PCNSE Topic 11 Question 88 Discussion

Actual exam question for Palo Alto Networks's Palo Alto Networks Certified Security Engineer PAN-OS 11.0 exam
Question #: 88
Topic #: 11
[All Palo Alto Networks Certified Security Engineer PAN-OS 11.0 Questions]

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain?

Show Suggested Answer Hide Answer
Suggested Answer: A

For a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain, the most effective method is to use an Authentication policy targeting users not yet identified by the system.

A) an Authentication policy with 'unknown' selected in the Source User field:

An Authentication policy allows the firewall to challenge unidentified users for credentials. By selecting 'unknown' in the Source User field, the policy targets users who have not yet been identified by the firewall, which would include users on new BYOD devices not joined to the domain.

Once the user provides valid credentials, the firewall can authenticate the user and map their identity to subsequent sessions, enabling the application of user-based policy rules and monitoring.

This approach ensures that new and unknown devices can be properly authenticated and identified without compromising security or requiring the device to be part of the corporate domain.


Contribute your Thoughts:

Germaine
4 months ago
Ah, the age-old question of BYOD authentication. If only we had a mutant power to just know the answer!
upvoted 0 times
...
Roxanne
4 months ago
I don't know, guys. I'm leaning towards B, an authentication policy with 'known-user' selected. Doesn't that make more sense for identifying a user on a BYOD device?
upvoted 0 times
...
Youlanda
5 months ago
I have to disagree with Emile. I'm pretty sure the correct answer is A. An authentication policy with 'unknown' is the way to go for this scenario.
upvoted 0 times
Arlene
4 months ago
I'm not sure, but I think B) an Authentication policy with 'known-user' selected in the Source User field could also work.
upvoted 0 times
...
Vernell
4 months ago
I agree. It's important to have the right authentication policy in place for new devices.
upvoted 0 times
...
Ramonita
4 months ago
No, I believe it's actually D) a Security policy with 'unknown' selected in the Source User field.
upvoted 0 times
...
Vernell
4 months ago
I think you're right. Using an authentication policy with 'unknown' makes sense for a new BYOD device.
upvoted 0 times
...
Huey
4 months ago
I agree, that would allow the network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain.
upvoted 0 times
...
Rosina
4 months ago
I think the correct answer is A) an Authentication policy with 'unknown' selected in the Source User field.
upvoted 0 times
...
Felton
4 months ago
I think the correct answer is A) an Authentication policy with 'unknown' selected in the Source User field.
upvoted 0 times
...
...
Emile
5 months ago
Hmm, I'm not sure about that. I think it would be C, a security policy with 'known-user' selected in the Source User field. That seems like the most logical choice to me.
upvoted 0 times
...
Anthony
5 months ago
I think the answer is A. An authentication policy with 'unknown' selected in the Source User field would allow the administrator to authenticate and identify a BYOD-type device not joined to the corporate domain.
upvoted 0 times
Nell
4 months ago
No, that's for security policies, not authentication of new devices.
upvoted 0 times
...
Raymon
4 months ago
C) a Security policy with 'known-user' selected in the Source User field
upvoted 0 times
...
Tegan
4 months ago
That wouldn't work for new devices that are not known users.
upvoted 0 times
...
Joanna
4 months ago
B) an Authentication policy with 'known-user' selected in the Source User field
upvoted 0 times
...
Johnetta
4 months ago
Yes, that's correct. It allows for authentication of new devices.
upvoted 0 times
...
Buck
4 months ago
B) an Authentication policy with 'known-user' selected in the Source User field
upvoted 0 times
...
Dottie
5 months ago
A) an Authentication policy with 'unknown' selected in the Source User field
upvoted 0 times
...
Veda
5 months ago
A) an Authentication policy with 'unknown' selected in the Source User field
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77