Palo Alto Networks Exam NGFW-Engineer Topic 3 Question 3 Discussion

Actual exam question for Palo Alto Networks's NGFW-Engineer exam

Question #: 3
Topic #: 3

An engineer is implementing a new rollout of SAML for administrator authentication across a company's Palo Alto Networks NGFWs. User authentication on company firewalls is currently performed with RADIUS, which will remain available for six months, until it is decommissioned. The company wants both authentication types to be running in parallel during the transition to SAML.

Which two actions meet the criteria? (Choose two.)

ACreate a testing and rollback plan for the transition from Radius to SAML, as the two authentication profiles cannot be run in tandem.

BCreate an authentication sequence that includes both the ''RADIUS'' Server Profile and ''SAML Identity Provider'' Server Profile to run the two services in tandem.

CCreate and apply an authentication profile with the ''SAML Identity Provider'' Server Profile.

DCreate and add the ''SAML Identity Provider'' Server Profile to the authentication profile for the ''RADIUS'' Server Profile.

Show Suggested Answer

Suggested Answer: B, D

To enable both RADIUS and SAML authentication to run in parallel during the transition period, you need to configure an authentication sequence and an authentication profile that includes both authentication methods.

By creating an authentication sequence that includes both RADIUS and SAML server profiles, the firewall will attempt authentication with RADIUS first and, if that fails, will fall back to SAML. This enables both authentication types to function simultaneously during the transition period.

You can also configure an authentication profile that includes both the RADIUS Server Profile and the SAML Identity Provider server profile. This setup allows the firewall to use both RADIUS and SAML for authentication requests, and it will check both authentication methods in parallel.

by Harris at Apr 09, 2025, 12:19 AM

Limited Time Offer

25%

Off

Get Premium NGFW-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lauryn

1 months ago

B is the way to go. Gotta keep that RADIUS option open for the next 6 months, am I right? *winks*

upvoted 0 times

Nan

6 days ago

B) Create an authentication sequence that includes both the ''RADIUS'' Server Profile and ''SAML Identity Provider'' Server Profile to run the two services in tandem.

upvoted 0 times

...

2 months ago

B is the correct answer. You need both the RADIUS and SAML profiles to run in parallel during the transition period.

upvoted 0 times

Denny

20 days ago

C) Create and apply an authentication profile with the ''SAML Identity Provider'' Server Profile.

upvoted 0 times

...

Ilene

24 days ago

B) Create an authentication sequence that includes both the ''RADIUS'' Server Profile and ''SAML Identity Provider'' Server Profile to run the two services in tandem.

upvoted 0 times

...

Alverta

27 days ago

D) Create and add the ''SAML Identity Provider'' Server Profile to the authentication profile for the ''RADIUS'' Server Profile.

upvoted 0 times

...

Jenelle

1 months ago

B) Create an authentication sequence that includes both the ''RADIUS'' Server Profile and ''SAML Identity Provider'' Server Profile to run the two services in tandem.

upvoted 0 times

...

Leandro

2 months ago

I think option B is the correct answer because it mentions running both RADIUS and SAML in tandem.

upvoted 0 times

...