Which two actions in the IKE Gateways will allow implementation of post-quantum cryptography when building VPNs between multiple Palo Alto Networks NGFWs? (Choose two.)
A.
Select IKE v2, enable the Advanced Options PQ PPK, then set a 64+ character string for the post-quantum pre shared key.
B.
Ensure Authentication is set to “certificate,” then import a post-quantum derived certificate.
C.
Select IKE v2 Preferred, enable the Advanced Options PQ KEM, then add one or more “Rounds.”
D.
Select IKE v2, enable the Advanced Options PQ KEM, then create an IKE Crypto Profile with Advanced Options adding one or more “Rounds.”
The correct answers are: A and D — not C and D.
Why C is incorrect:
• “IKE v2 Preferred” is not a valid configuration option in Palo Alto NGFW IKE Gateway settings.
• You simply select IKEv2 (there is no “Preferred” mode).
• Furthermore, adding "Rounds" directly in the gateway is insufficient — a proper IKE Crypto Profile must be configured (as stated in D).
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ThelioNN
1 month agomirko1976
1 month, 1 week ago