Palo Alto Networks SSE Engineer — Question 47

Which statement is valid in relation to certificates used for GlobalProtect and pre-logon?

Answer options

• A. A public certificate authority (CA) must sign and validate all certificates used.
• B. The certificate used for pre-logon must include both Subject and Subject-Alt fields.
• C. Certificates must be deployed in the Machine Certificate Store.
• D. The GlobalProtect agent may be used to distribute pre-logon certificates.

Correct answer: C

Explanation

The correct answer is C because certificates for GlobalProtect must be placed in the Machine Certificate Store to be recognized by the system. Option A is incorrect as not all certificates necessarily require a public CA for validation. Option B is also incorrect because while Subject and Subject-Alt fields are important, they are not mandatory for all pre-logon certificates. Option D is false as the GlobalProtect agent does not handle the distribution of pre-logon certificates.