Palo Alto Networks NGFW Engineer — Question 48

A network administrator needs to replace the default self-signed certificate on a firewall with one signed by the company's internal certificate authority (CA).

Which two firewall features would require this new certificate to be assigned via an SSL/TLS service profile? (Choose two.)

Answer options

• A. User-ID agent redistribution
• B. RADIUS server authentication
• C. Authentication portal
• D. GlobalProtect gateway

Correct answer: C, D

Explanation

The correct answers are C and D because both the Authentication portal and the GlobalProtect gateway utilize SSL/TLS for secure communication, requiring a valid signed certificate for proper functionality. Options A and B do not specifically rely on SSL/TLS service profiles for their operations.