ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam NGFW-Engineer All Questions

View all questions & answers for the NGFW-Engineer exam
Go to Exam

Exam NGFW-Engineer topic 1 question 43 discussion

Actual exam question from Palo Alto Networks's NGFW-Engineer
Question #: 43
Topic #: 1
[All NGFW-Engineer Questions]

An engineer is implementing a new rollout of SAML for administrator authentication across a company’s Palo Alto Networks NGFWs. User authentication on company firewalls is currently performed with RADIUS, which will remain available for six months, until it is decommissioned. The company wants both authentication types to be running in parallel during the transition to SAML.
Which two actions meet the criteria? (Choose two.)

  • A. Create a testing and rollback plan for the transition from Radius to SAML, as the two authentication profiles cannot be run in tandem.
  • B. Create an authentication sequence that includes both the “RADIUS” Server Profile and “SAML Identity Provider” Server Profile to run the two services in tandem.
  • C. Create and apply an authentication profile with the “SAML Identity Provider” Server Profile.
  • D. Create and add the “SAML Identity Provider” Server Profile to the authentication profile for the “RADIUS” Server Profile.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by mirko1976 at May 9, 2025, 7:50 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mirko1976
1 month, 1 week ago
Selected Answer: BC
To support parallel use of SAML and RADIUS for administrator authentication on Palo Alto Networks NGFWs during a transition period, the following approach should be used: B. Authentication Sequence • An Authentication Sequence allows the firewall to try multiple authentication profiles in a specified order. • You can configure an authentication sequence that includes both: - The current RADIUS-based Authentication Profile, and - The new SAML-based Authentication Profile. • This ensures that both authentication methods work in tandem, providing a fallback and easing the migration process. C. SAML Authentication Profile • You must create a new Authentication Profile using the SAML Identity Provider (IdP) Server Profile. • This profile is used as part of the sequence and can also be directly assigned to specific admin roles or test accounts. Why D is incorrect: D. Add SAML IdP Server Profile to the existing RADIUS profile Invalid approach. You cannot combine multiple server profiles inside a single authentication profile. You must use separate authentication profiles and link them via an authentication sequence.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel