Palo Alto Networks NGFW Engineer — Question 15

Which two actions in the IKE Gateways will allow implementation of post-quantum cryptography when building VPNs between multiple Palo Alto Networks NGFWs? (Choose two.)

Answer options

• A. Select IKE v2, enable the Advanced Options  PQ PPK, then set a 64+ character string for the post-quantum pre shared key.
• B. Ensure Authentication is set to “certificate,” then import a post-quantum derived certificate.
• C. Select IKE v2 Preferred, enable the Advanced Options  PQ KEM, then add one or more “Rounds.”
• D. Select IKE v2, enable the Advanced Options  PQ KEM, then create an IKE Crypto Profile with Advanced Options adding one or more “Rounds.”

Correct answer: A, D

Explanation

Answer A is correct because it specifies the use of IKE v2 with a designated post-quantum pre shared key, which is essential for post-quantum cryptography. Answer D is also correct as it involves selecting IKE v2 and utilizing PQ KEM in an IKE Crypto Profile with specified rounds. Options B and C do not directly support the implementation of post-quantum cryptography in the same manner as A and D.