ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 472 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 472
Topic #: 1
[All PCNSE Questions]

An administrator wants to use LDAP, TACACS+, and Kerberos as external authentication services for authenticating users.

What should the administrator be aware of regarding the authentication sequence, based on the Authentication profiles in the order Kerberos, LDAP, and TACACS+?

  • A. The priority assigned to the Authentication profile defines the order of the sequence.
  • B. The firewall evaluates the profiles in the alphabetical order the Authentication profiles have been named until one profile successfully authenticates the user.
  • C. If the authentication times out for the first Authentication profile in the authentication sequence, no further authentication attempts will be made.
  • D. The firewall evaluates the profiles in top-to-bottom order until one Authentication profile successfully authenticates the user.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by evdw at Jan. 3, 2023, 9:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
aatechler
Highly Voted 1 year, 12 months ago
Selected Answer: D
from study guide :- When user or administrative access is configured, one or more authentication methods must be specified. A user or administrator definition typically requires an Authentication Profile that specifies the desired authentication method. When more than one method is desired, you can instead use an Authentication Sequence, which is a list of Authentication Profiles. The first profile will be accessed. If it is not available, the next option will be tried. An Authentication Profile specifies a single Server Profile. A Server Profile contains specific configuration and access information that is necessary to reach the external authentication service.
upvoted 10 times
...
Maryamk
Highly Voted 2 years ago
D is correct In some environments, user accounts reside in multiple directories (such as LDAP and RADIUS). An authentication sequence is a set of authentication profiles that the firewall tries to use for authenticating users when they log in. The firewall tries the profiles sequentially from the top of the list to the bottom—applying the authentication, Kerberos single sign-on, allow list, and account lockout values for each—until one profile successfully authenticates the user. The firewall only denies access if all profiles in the sequence fail to authenticate. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-authentication-sequence
upvoted 5 times
...
Marshpillowz
Most Recent 11 months, 2 weeks ago
Selected Answer: D
D is correct
upvoted 1 times
...
Marbot
1 year, 10 months ago
Selected Answer: D
Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-authentication-sequence
upvoted 2 times
duckduckgooo
1 year, 9 months ago
new link https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/device/device-authentication-sequence
upvoted 1 times
...
...
DenskyDen
1 year, 11 months ago
Selected Answer: D
D. Makes the most sense.
upvoted 4 times
...
djedeen
2 years ago
Selected Answer: D
D is most accurate, C is clearly incorrect. Per PAN: Configure an authentication sequence. Required if you want the firewall to try multiple authentication profiles to authenticate users. The firewall evaluates the profiles in top-to-bottom order until one profile successfully authenticates the user.
upvoted 2 times
...
evdw
2 years ago
Selected Answer: C
Correct Answer C
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel