Which three external services perform both authentication and authorization for administration of firewalls? (Choose three.)
Which three external services perform both authentication and authorization for administration of firewalls? (Choose three.)
TACACS+, SAML, and RADIUS are external services that perform both authentication and authorization for the administration of firewalls. TACACS+ can handle authentication, authorization, and accounting (AAA) services. SAML is used for single sign-on (SSO) and can handle both authentication and authorization across different services. RADIUS is widely used for authentication and authorization, particularly in network access and management scenarios. Kerberos primarily handles authentication, and while it can be involved in authorization, it is not typically used in this capacity for firewall administration. LDAP, on the other hand, is more focused on directory services and is typically used for authentication rather than authorization in the context of firewalls.
The administrative accounts are defined on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server. PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall. For details, see:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication
B, C and D correct
Updated link- https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication Same info, "The administrative accounts are defined on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server. PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall. "
Similar to Question 46.
BCD. See link posted by Maryamk.