Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 431

Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the local firewall? (Choose three.)

Answer options

• A. TACACS+
• B. Kerberos
• C. SAML
• D. RADIUS
• E. LDAP

Correct answer: A, C, D

Explanation

The correct answers are A, C, and D because TACACS+, SAML, and RADIUS are all protocols that allow for external authentication without needing local accounts. Kerberos and LDAP, while also authentication methods, do not meet the specific requirement of not requiring local accounts on the firewall.