Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 346

The NetSec Manager asked to create a new firewall Local Administrator profile with customized privileges named New_Admin. This new administrator has to authenticate without inserting any username or password to access the WebUI.

What steps should the administrator follow to create the New_Admin Administrator profile?

Answer options

• A. 1. Set the Authentication profile to Local. 2. Select the "Use only client certificate authentication" check box. 3. Set Role to Role Based.
• B. 1. Select the "Use only client certificate authentication" check box. 2. Set Role to Dynamic. 3. Issue to the Client a Certificate with Certificate Name = New Admin
• C. 1. Select the "Use only client certificate authentication" check box. 2. Set Role to Dynamic. 3. Issue to the Client a Certificate with Common Name = New_Admin
• D. 1. Select the "Use only client certificate authentication" check box. 2. Set Role to Role Based. 3. Issue to the Client a Certificate with Common Name = New Admin

Correct answer: D

Explanation

The correct answer is D because it specifies using client certificate authentication and assigns the correct role while also issuing a certificate with the appropriate Common Name. Option A is incorrect as it uses 'Role Based' but lacks the correct Common Name. Option B and C incorrectly use 'Dynamic' roles, which do not fit the requirement for a Local Administrator profile.