Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

  1. Home
  2. Discussions
  3. Paloalto Networks
  4. Network Security Administrator
  5. NGFW-Engineer Discussions
  6. NGFW-Engineer Exam Topic 1 Question 3 Discussion

Paloalto Networks Palo Alto Networks Next-Generation Firewall Engineer NGFW-Engineer Question # 3 Topic 1 Discussion

 Paloalto Networks Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Paloalto Networks Palo Alto Networks Next-Generation Firewall Engineer NGFW-Engineer Question # 3 Topic 1 Discussion

NGFW-Engineer Exam Topic 1 Question 3 Discussion:
Question #: 3
Topic #: 1

An organization uses Cloud Identity Engine (CIE) to gather user information from its on-premises Active Directory (AD) for employees and a separate Azure AD for external partners. Due to compliance regulations, the firewalls protecting the internal network must not have any identity information about external partners. Conversely, firewalls in the partner-facing DMZ should only be aware of partner identities.

Which CIE feature is designed to solve this data partitioning requirement?
A.

Panorama templates, which can be used to push different User-ID agent configurations to each firewall group

B.

Segments, which can be configured to create distinct, filter-based views of users and groups that are then redistributed only to the appropriate firewalls

C.

Multiple tenants, where a separate CIE tenant is required for each user directory to maintain isolation

D.

Directory sync filtering, which is used at the source to prevent specific OUs from being imported into CIE

Get Premium NGFW-Engineer Questions
Actual exam question for Paloalto Networks NGFW-Engineer exam by Zara8386 at Jun 1, 2026, 10:54:06 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next