NGFW-ENGINEER · Question #121
NGFW-ENGINEER Question #121: Real Exam Question with Answer & Explanation
The correct answer is D: Certificate-based authentication for pre-logon and SAML authentication for user logon.. Pre-logon requires certificate-based authentication so the device can establish the tunnel before user login, enabling IT administrators to run scripts and push updates at the machine level. User logon must use SAML authentication to integrate with the cloud identity provider and
Question
An organization needs a GlobalProtect solution that meets two key requirements: - IT administrators must be able to run scripts and push updates to endpoints before a user logs in. - Users must authenticate with their cloud identity provider, which is protected by multi-factor authentication (MFA). Which GlobalProtect authentication configuration should be used to meet both requirements?
Options
- ACookie-based authentication for both pre-logon and user logon.
- BSAML authentication for pre-logon and certificate-based authentication for user logon.
- CSingle authentication profile using Kerberos to handle both pre-logon and user logon.
- DCertificate-based authentication for pre-logon and SAML authentication for user logon.
Explanation
Pre-logon requires certificate-based authentication so the device can establish the tunnel before user login, enabling IT administrators to run scripts and push updates at the machine level. User logon must use SAML authentication to integrate with the cloud identity provider and enforce MFA for user authentication.
Topics
Community Discussion
No community discussion yet for this question.