Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 374

An administrator wants to use LDAP, TACACS+, and Kerberos as external authentication services for authenticating users.

What should the administrator be aware of regarding the authentication sequence, based on the Authentication profiles in the order Kerberos, LDAP, and TACACS+?

Answer options

• A. The priority assigned to the Authentication profile defines the order of the sequence.
• B. The firewall evaluates the profiles in the alphabetical order the Authentication profiles have been named until one profile successfully authenticates the user.
• C. If the authentication times out for the first Authentication profile in the authentication sequence, no further authentication attempts will be made.
• D. The firewall evaluates the profiles in top-to-bottom order until one Authentication profile successfully authenticates the user.

Correct answer: D

Explanation

The correct answer is D because the firewall processes the Authentication profiles in a sequential manner from top to bottom. Option A is incorrect as priority does not define sequence; option B is wrong as alphabetical order is not used; and option C is misleading since further attempts will be made unless the first profile fails entirely.