ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam NGFW-Engineer All Questions

View all questions & answers for the NGFW-Engineer exam
Go to Exam

Exam NGFW-Engineer topic 1 question 21 discussion

Actual exam question from Palo Alto Networks's NGFW-Engineer
Question #: 21
Topic #: 1
[All NGFW-Engineer Questions]

What must be configured before a firewall administrator can define policy rules based on users and groups?

  • A. User Mapping profile
  • B. Authentication profile
  • C. Group mapping settings
  • D. LDAP Server profile
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by boyd_05 at July 28, 2025, 1:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
31791c1
Highly Voted 1 month ago
Selected Answer: C
I think the answer is C. It asks what must be configured to implement security policy using user/groups. Pulling user/group mapping info can be done without an LDAP server profile. You can configure the firewall to connect to CIE to pull the user/group info. You can also have a windows user-ID agent pull the LDAP user/group mappings, in which case you would not need a LDAP server profile on the Firewall.
upvoted 5 times
...
GarlicNaan420
Most Recent 3 months ago
Selected Answer: D
You first need and LDAP server profile before you can select group map settings
upvoted 2 times
...
boyd_05
4 months ago
Selected Answer: D
i feel like ldap server profiles needs to be created first then group mapping settings. https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/user-id/map-users-to-groups
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel