NGFW-ENGINEER · Question #90
NGFW-ENGINEER Question #90: Real Exam Question with Answer & Explanation
The correct answer is A: LDAP server profile. An LDAP server profile must be created first because it defines the connection parameters to the Active Directory server, enabling the firewall to query directory services and retrieve user and group information required for group-based policy enforcement.
Question
A network security engineer wants to create Security policy rules that allow or deny traffic based on a user's department, which corresponds to groups in the company's Active Directory. To achieve this, the firewall needs to retrieve group information from the directory server. Which configuration object must be created first to establish the connection with the Active Directory server?
Options
- ALDAP server profile
- BUser-ID agent service account
- CAuthentication sequence
- DKerberos server profile
Explanation
An LDAP server profile must be created first because it defines the connection parameters to the Active Directory server, enabling the firewall to query directory services and retrieve user and group information required for group-based policy enforcement.
Topics
Community Discussion
No community discussion yet for this question.