Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Question 472

An administrator wants to use LDAP, TACACS+, and Kerberos as external authentication services for authenticating users.

What should the administrator be aware of regarding the authentication sequence, based on the Authentication profiles in the order Kerberos, LDAP, and TACACS+?

The priority assigned to the Authentication profile defines the order of the sequence.

The firewall evaluates the profiles in the alphabetical order the Authentication profiles have been named until one profile successfully authenticates the user.

If the authentication times out for the first Authentication profile in the authentication sequence, no further authentication attempts will be made.

The firewall evaluates the profiles in top-to-bottom order until one Authentication profile successfully authenticates the user.

Correct Answer: D

When using multiple authentication profiles, the firewall evaluates them in a top-to-bottom order according to the defined authentication sequence until one profile successfully authenticates the user. If the first authentication profile fails, the firewall will proceed to the next one in the list and continue this process until an authentication is successful or all profiles have been tried and failed.

Discussion

aatechlerOption: D

from study guide :- When user or administrative access is configured, one or more authentication methods must be specified. A user or administrator definition typically requires an Authentication Profile that specifies the desired authentication method. When more than one method is desired, you can instead use an Authentication Sequence, which is a list of Authentication Profiles. The first profile will be accessed. If it is not available, the next option will be tried. An Authentication Profile specifies a single Server Profile. A Server Profile contains specific configuration and access information that is necessary to reach the external authentication service.

[Removed]Option: D

D is correct

MaryamkOption: D

D is correct In some environments, user accounts reside in multiple directories (such as LDAP and RADIUS). An authentication sequence is a set of authentication profiles that the firewall tries to use for authenticating users when they log in. The firewall tries the profiles sequentially from the top of the list to the bottom—applying the authentication, Kerberos single sign-on, allow list, and account lockout values for each—until one profile successfully authenticates the user. The firewall only denies access if all profiles in the sequence fail to authenticate. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-authentication-sequence

DenskyDenOption: D

D. Makes the most sense.

evdwOption: C

Correct Answer C

MarbotOption: D

Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-authentication-sequence

duckduckgooo

new link https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/device/device-authentication-sequence

djedeenOption: D

D is most accurate, C is clearly incorrect. Per PAN: Configure an authentication sequence. Required if you want the firewall to try multiple authentication profiles to authenticate users. The firewall evaluates the profiles in top-to-bottom order until one profile successfully authenticates the user.

MarshpillowzOption: D

D is correct