Palo Alto Networks (PANW) Certified Network Security Administrator (PCNSA) Practice Exam

Which two external authentication methods can be used with Authentication Profiles in PAN-OS?

• A. LDAP and HTTP
• B. RADIUS and TACACS+
• C. RADIUS and LDAP
• D. Kerberos and SAML

The correct answer is: RADIUS and LDAP

The correct answer indicates that RADIUS and LDAP are both valid external authentication methods that can be used with Authentication Profiles in PAN-OS. RADIUS, which stands for Remote Authentication Dial-In User Service, is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. This protocol is commonly used for network access and can easily integrate with various network devices, including Palo Alto firewalls, allowing for flexible user authentication. LDAP, or Lightweight Directory Access Protocol, is another widely used protocol for accessing and maintaining distributed directory information services. It is often used for authenticating users against directory services like Microsoft Active Directory or OpenLDAP. Utilizing LDAP in PAN-OS allows for streamlined management of user identities and access rights in a corporate environment. Both RADIUS and LDAP can be effectively integrated into the Palo Alto Networks firewall's authentication framework through Authentication Profiles, enhancing security by leveraging existing directory structures and centralized authentication solutions. Other options, while they include valid protocols, do not pertain to external authentication methods specifically supported in this context with PAN-OS's Authentication Profiles. For instance, TACACS+ is also a valid authentication method but is not paired with RADIUS which diminishes that choice. Similarly, while