Palo Alto Networks (PANW) Certified Network Security Administrator (PCNSA) Practice Exam

What is the best method to collect user information from Linux and Mac systems without IP-address-to-user mappings?

• A. Use Captive Portal
• B. Install a user agent on each device
• C. Implement a survey for users
• D. Utilize Packet Capture Analysis

The correct answer is: Use Captive Portal

Using a Captive Portal is an effective method for collecting user information from Linux and Mac systems without needing IP-address-to-user mappings. A Captive Portal works by redirecting users to a web page when they first attempt to access the network. Before they can access the internet, users are required to authenticate or provide their details through the portal. This approach allows you to gather user data such as username, email address, and any other relevant information during the login process. The Captive Portal method is beneficial in that it operates at the network entry point and can be configured to serve various user devices, including Linux and Mac systems. It ensures that you can collect user-specific information directly from the individuals accessing the network, making it a reliable method without needing additional software installed on each device. In contrast, installing a user agent on each device might be challenging in environments with varying operating systems and also requires administrative privileges, which may not always be feasible. Implementing a survey relies on users voluntarily providing information, which may not yield a comprehensive dataset. Packet Capture Analysis is primarily a network traffic monitoring tool aimed at identifying data flows and network issues, not at collecting user-specific information. Thus, the Captive Portal stands out as the most effective choice in this scenario