Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 172

An enterprise Information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems. However, a recent phishing campaign against the organization has prompted information Security to look for more controls that can secure access to critical assets. For users that need to access these systems, Information Security wants to use PAN-OS multi-factor authentication (MFA) integration to enforce MFA.
What should the enterprise do to use PAN-OS MFA?

Answer options

• A. Use a Credential Phishing agent to detect, prevent, and mitigate credential phishing campaigns.
• B. Create an authentication profile and assign another authentication factor to be used by a Captive Portal authentication policy.
• C. Configure a Captive Portal authentication policy that uses an authentication sequence.
• D. Configure a Captive Portal authentication policy that uses an authentication profile that references a RADIUS profile.

Correct answer: B

Explanation

The correct answer is B because creating an authentication profile and assigning an additional authentication factor is essential for enforcing MFA in PAN-OS. Option A focuses on phishing detection rather than MFA, C does not specify the necessary authentication profile, and D mentions RADIUS, which is not required for basic MFA enforcement with PAN-OS.