Palo Alto Networks NGFW Engineer — Question 17

An engineer is implementing a new rollout of SAML for administrator authentication across a company’s Palo Alto Networks NGFWs. User authentication on company firewalls is currently performed with RADIUS, which will remain available for six months, until it is decommissioned. The company wants both authentication types to be running in parallel during the transition to SAML.
Which two actions meet the criteria? (Choose two.)

Answer options

• A. Create a testing and rollback plan for the transition from Radius to SAML, as the two authentication profiles cannot be run in tandem.
• B. Create an authentication sequence that includes both the “RADIUS” Server Profile and “SAML Identity Provider” Server Profile to run the two services in tandem.
• C. Create and apply an authentication profile with the “SAML Identity Provider” Server Profile.
• D. Create and add the “SAML Identity Provider” Server Profile to the authentication profile for the “RADIUS” Server Profile.

Correct answer: A, C

Explanation

The correct answers are A and C because option A correctly identifies that RADIUS and SAML cannot run concurrently and emphasizes the need for a rollback plan, while option C focuses on creating a necessary authentication profile using SAML. Options B and D are incorrect because they suggest configurations that would require both authentication methods to function together, which is not feasible in this scenario.