NGFW-ENGINEER Question #1: Real Exam Question with Answer & Explanation

Question

In a Palo Alto Networks environment, GlobalProtect has been enabled using certificate-based authentication for both users and devices. To ensure proper validation of certificates, one or more certificate profiles are configured. What function do certificate profiles serve in this context?

Options

• AThey store private keys for users and devices, effectively allowing the firewall to issue or reissue
• BThey define trust anchors (root / intermediate Certificate Authorities (CAs)), specify revocation
• CThey allow the firewall to bypass certificate validation entirely, focusing only on username /
• DThey provide a one-click mechanism to distribute certificates to all endpoints without relying on

Explanation

In the context of GlobalProtect with certificate-based authentication, certificate profiles are used to ensure proper validation of the certificates. They perform the following functions: Define trust anchors, which are the root and intermediate Certificate Authorities (CAs) that the firewall trusts to authenticate certificates. Specify revocation checks, such as CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol), to ensure that the certificates being used have not been revoked. Map certificate attributes, such as the Common Name (CN), which helps in authenticating users and devices based on their certificates.

No community discussion yet for this question.