NGFW-ENGINEER · Question #78
NGFW-ENGINEER Question #78: Real Exam Question with Answer & Explanation
The correct answer is C: Create a certificate profile that trusts the machine certificate's CA and assign it within the Gateway. Pre-logon using machine certificates requires the GlobalProtect Gateway to authenticate endpoints based on certificate trust, which is achieved by creating a certificate profile that trusts the issuing CA and assigning it in the Gateway Agent → Client Authentication settings so t
Question
An administrator is configuring a GlobalProtect pre-logon VPN. The administrator has already imported the necessary internal certificate authority (CA) certificates for issuing machine certificates onto the firewall. Which configuration is required on the GlobalProtect Gateway to enable pre-logon using these machine certificates?
Options
- ACreate a device-based Security policy that allows traffic from the pre-logon user to an internal
- BCreate an authentication profile that points to the machine certificate's CA and assign it by using
- CCreate a certificate profile that trusts the machine certificate's CA and assign it within the Gateway
- DConfigure the Gateway Agent --> Tunnel Settings to use IPSec with machine certificate
Explanation
Pre-logon using machine certificates requires the GlobalProtect Gateway to authenticate endpoints based on certificate trust, which is achieved by creating a certificate profile that trusts the issuing CA and assigning it in the Gateway Agent → Client Authentication settings so the gateway can validate machine certificates during pre-logon authentication.
Topics
Community Discussion
No community discussion yet for this question.