Exam PCNSE topic 1 question 472 discussion

from study guide :- When user or administrative access is configured, one or more authentication methods must be specified. A user or administrator definition typically requires an Authentication Profile that specifies the desired authentication method. When more than one method is desired, you can instead use an Authentication Sequence, which is a list of Authentication Profiles. The first profile will be accessed. If it is not available, the next option will be tried. An Authentication Profile specifies a single Server Profile. A Server Profile contains specific configuration and access information that is necessary to reach the external authentication service.

D is correct In some environments, user accounts reside in multiple directories (such as LDAP and RADIUS). An authentication sequence is a set of authentication profiles that the firewall tries to use for authenticating users when they log in. The firewall tries the profiles sequentially from the top of the list to the bottom—applying the authentication, Kerberos single sign-on, allow list, and account lockout values for each—until one profile successfully authenticates the user. The firewall only denies access if all profiles in the sequence fail to authenticate. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-authentication-sequence

D is correct

Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-authentication-sequence

D. Makes the most sense.

D is correct

D is most accurate, C is clearly incorrect. Per PAN: Configure an authentication sequence. Required if you want the firewall to try multiple authentication profiles to authenticate users. The firewall evaluates the profiles in top-to-bottom order until one profile successfully authenticates the user.

Correct Answer C