What is a correct statement regarding administrative authentication using external services with a local authorization method?
A.
The administrative accounts you define on an external authentication server serve as references to the accounts defined locally on the firewall.
B.
Prior to PAN-OS 10.2, an administrator used the firewall to manage role assignments, but access domains have not been supported by this method.
C.
Starting with PAN-OS 10.2, an administrator needs to configure Cloud Identity Engine to use external authentication services for administrative authentication.
D.
The administrative accounts you define locally on the firewall serve as references to the accounts defined on an external authentication server.
D. The administrative accounts you define locally on the firewall serve as references to the accounts defined on an external authentication server.
This statement is true. When configuring external authentication on a Palo Alto Networks firewall, the local administrative accounts defined on the firewall can act as fallback references. If the external authentication server is unavailable or authentication fails, the firewall can fall back to using the locally defined administrative accounts for authentication.
D is correct; 10.2 does not seem to have changed this method.
Cloud Identity Engine, for knowledge: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-new-features/identity-features/cloud-identity-engine
By using a cloud-based solution, you can reallocate the resources required for authentication from the firewall or Panorama to the cloud. The Cloud Authentication Service also allows you to configure the authentication source once instead of for each authentication method you use (for example, Authentication Portal or administrator authentication).
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication
The administrative accounts you define locally on the firewall serve as references to the accounts defined on an external Multi-Factor Authentication, SAML, Kerberos, TACACS+, RADIUS, or LDAP server.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication
upvoted 4 times
...
This section is not available anymore. Please use the main Exam Page.PCNSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
jeremykebir
9 months, 2 weeks agojoquin0020
1 year, 2 months agoMarshpillowz
1 year, 3 months agoDenskyDen
2 years, 2 months agoTAKUM1y
2 years, 6 months agoconfusion
2 years, 6 months agohappyism
2 years, 6 months agoCCIE5592
2 years, 7 months ago