Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)
- A.TACACS+
- B.Kerberos
- C.PAP
- D.LDAP
- E.SAML
- F.RADIUS
palo-alto · PCNSE · Q605 · multiple_response · topic_1
Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and…
Explanation
Correct: A,E,F
The administrative accounts are DEFINED on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server. PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall.
Kerberos, LDAP, and PAP required the admin account to be locally defined on the firewall.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication.html
Reference: examtopics_top_comment
Practice with progress tracking
Sign in to track wrong answers, get spaced-repetition reminders, and run timed exam mode.