Exam : PSE-Strata-Pro-24
Title : Palo Alto Networks Systems Engineer Professional - Hardware Firewall
https://www.passcert.com/PSE-Strata-Pro-24.html
1. A company plans to deploy identity for improved visibility and identity-based controls for least-privilege
access to applications and data. The company does not have an on-premises Active Directory (AD)
deployment, and devices are connected and managed by using a combination of Entra ID and Jamf.
Which two supported sources for identity are appropriate for this environment? (Choose two.)
A. Captive portal
B. User-ID agents configured for WMI client probing
C. GlobalProtect with an internal gateway deployment
D. Cloud Identity Engine synchronized with Entra ID
Answer: C, D
Explanation:
In this scenario, the company does not use on-premises Active Directory and manages devices with Entra
ID and Jamf, which implies a cloud-native and modern management setup.
Below is the evaluation of each option:
Option A: Captive portal
Captive portal is typically used in environments where identity mapping is needed for unmanaged devices
or guest users. It provides a mechanism for users to authenticate themselves through a web interface.
However, in this case, the company is managing devices using Entra ID and Jamf, which means identity
information can already be centralized through other means. Captive portal is not an ideal solution here.
This option is not appropriate.
Option B: User-ID agents configured for WMI client probing
WMI (Windows Management Instrumentation) client probing is a mechanism used to map IP addresses to
usernames in a Windows environment. This approach is specific to on-premises Active Directory
deployments and requires direct communication with Windows endpoints.
Since the company does not have an on-premises AD and is using Entra ID and Jamf, this method is not
applicable.
This option is not appropriate.
Option C: GlobalProtect with an internal gateway deployment
GlobalProtect is Palo Alto Networks' VPN solution, which allows for secure remote access. It also
supports identity-based mapping when deployed with internal gateways.
In this case, GlobalProtect with an internal gateway can serve as a mechanism to provide user and device
visibility based on the managed devices connecting through the gateway.
This option is appropriate.
Option D: Cloud Identity Engine synchronized with Entra ID
The Cloud Identity Engine provides a cloud-based approach to synchronize identity information from
identity providers like Entra ID (formerly Azure AD).
In a cloud-native environment with Entra ID and Jamf, the Cloud Identity Engine is a natural fit as it
integrates seamlessly to provide identity visibility for applications and data.
This option is appropriate.
Reference: Palo Alto Networks documentation on Cloud Identity Engine; GlobalProtect configuration and
use cases in the Palo Alto Knowledge Base.
2. A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications.
The customer is interested in Palo Alto Networks NGFWs but describes the following challenges:
"Our apps are in AWS and Azure, with whom we have contracts and minimum-revenue guarantees. We