NGFW-ENGINEER · Question #52
NGFW-ENGINEER Question #52: Real Exam Question with Answer & Explanation
Sign in or unlock NGFW-ENGINEER to reveal the answer and full explanation for question #52. The question stem and answer options stay visible for context.
Question
A large enterprise wants to implement certificate-based authentication for both users and devices, using an on-premises Microsoft Active Directory Certificate Services (AD CS) hierarchy as the primary certificate authority (CA). The enterprise also requires Online Certificate Status Protocol (OCSP) checks to ensure efficient revocation status updates and reduce the overhead on its NGFWs. The environment includes multiple Active Directory forests, Panorama management for several geographically dispersed firewalls, GlobalProtect portals and gateways needing distinct certificate profiles for users and devices, and strict Security policies demanding frequent revocation checks with minimal latency. Which approach best addresses these requirements while maintaining consistent policy enforcement?
Options
- ADeploy self-signed certificates at each site to simplify local certificate validation and reduce
- BDistribute the root and intermediate CA certificates via Panorama as shared objects to ensure all
- CConfigure each firewall independently to trust the root and intermediate CA certificates. Rely only
- DObtain wildcard certificates from a public CA for both user and device authentication, and
Unlock NGFW-ENGINEER to see the answer
You've previewed enough free NGFW-ENGINEER questions. Unlock NGFW-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.