Palo Alto Networks NGFW Engineer — Question 68
A network security engineer wants to create Security policy rules that allow or deny traffic based on a user's department, which corresponds to groups in the company's Active Directory. To achieve this, the firewall needs to retrieve group information from the directory server.
Which configuration object must be created first to establish the connection with the Active Directory server?
Answer options
- A. LDAP server profile
- B. User-ID agent service account
- C. Authentication sequence
- D. Kerberos server profile
Correct answer: A
Explanation
The correct answer is A, the LDAP server profile, as it is essential for the firewall to communicate with the Active Directory and retrieve group information. The other options, such as the User-ID agent service account, authentication sequence, and Kerberos server profile, are not the primary objects needed to establish the initial connection with Active Directory.