Pass the Paloalto Networks Network Security Administrator PCNSA Questions and answers with ValidTests

Domain Credential detection is the User Credential Detection method that checks for the submission of a valid corporate username and the associated password within a URL Filtering Security profile. This method requires the Windows User-ID agent and the User-ID credential service to be installed on a read-only domain controller (RODC). The firewall can then detect passwords submitted to web pages and compare them with the domain credentials stored on the RODC. If the firewall detects a match, it can block the request, alert the user, or generate a log entry1. References: Configure Credential Detection with the Windows User-ID Agent, Set Up Credential Phishing Prevention, Certifications - Palo Alto Networks, Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) or [Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)].

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/app-id/use-application-objects-in-policy/create-a-custom-application

In the FW you define an Auth sequence which specifies the Auth Profile. If you click add on an Auth Profile and define one named TACACS for example, the Auth Profile calls in the TACACS+ Server Profile.

Explanation

Explanation/Reference:

A dynamic address group populates its members dynamically using look ups for tags and tag-based filters. Tags are metadata elements or attribute-value pairs that are registered for each IP address. Tag-based filters use logical and and or operators to match the tags and determine the membership of the dynamic address group. For example, you can create a dynamic address group that includes all IP addresses that have the tags “web-server” and “linux”. You can also use static tags as part of the filter criteria. References: Policy Object: Address Groups, Use Dynamic Address Groups in Policy, Statics vs. Dynamic Address Objects Groups

Explanation/Reference: