ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam NGFW-Engineer All Questions

View all questions & answers for the NGFW-Engineer exam
Go to Exam

Exam NGFW-Engineer topic 1 question 11 discussion

Actual exam question from Palo Alto Networks's NGFW-Engineer
Question #: 11
Topic #: 1
[All NGFW-Engineer Questions]

In a Palo Alto Networks environment, GlobalProtect has been enabled using certificate-based authentication for both users and devices. To ensure proper validation of certificates, one or more certificate profiles are configured.
What function do certificate profiles serve in this context?

  • A. They store private keys for users and devices, effectively allowing the firewall to issue or reissue certificates if the primary Certificate Authority (CA) becomes unavailable, providing a built-in fallback CA to maintain continuous certificate issuance and authentication.
  • B. They define trust anchors (root / intermediate Certificate Authorities (CAs)), specify revocation checks (CRL/OCSP), and map certificate attributes (e.g., CN) for user or device authentication.
  • C. They allow the firewall to bypass certificate validation entirely, focusing only on username / password-based authentication.
  • D. They provide a one-click mechanism to distribute certificates to all endpoints without relying on external enrollment methods.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Seidor_Analytics at July 29, 2025, 5:50 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Seidor_Analytics
2 weeks, 3 days ago
Selected Answer: A
Feels like A is the one. Does anyone disagree?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel