Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 251

What is a correct statement regarding administrative authentication using external services with a local authorization method?

Answer options

• A. The administrative accounts you define on an external authentication server serve as references to the accounts defined locally on the firewall.
• B. Prior to PAN-OS 10.2, an administrator used the firewall to manage role assignments, but access domains have not been supported by this method.
• C. Starting with PAN-OS 10.2, an administrator needs to configure Cloud Identity Engine to use external authentication services for administrative authentication.
• D. The administrative accounts you define locally on the firewall serve as references to the accounts defined on an external authentication server.

Correct answer: D

Explanation

The correct answer is D because local administrative accounts can reference external accounts, allowing for unified management. Option A is incorrect as it reverses the relationship, claiming external accounts reference local ones. Option B is outdated information about role assignments and does not address the relationship between local and external authentication. Option C incorrectly states that Cloud Identity Engine is required for administrative authentication, which is not necessary for using local accounts.