PCNSE · Question #51
PCNSE Question #51: Real Exam Question with Answer & Explanation
The correct answer is C: Machine certificate. The pre-logon connect method establishes a VPN tunnel before any user logs in to the endpoint. Because no user credentials exist at that stage, authentication must be device-based. Machine certificates - installed in the computer's local machine certificate store - authenticate t
Question
Which Public Key infrastructure component is used to authenticate users for GlobalProtect when the Connect Method is set to pre-logon?
Options
- ACertificate revocation list
- BTrusted root certificate
- CMachine certificate
- DOnline Certificate Status Protocol
Explanation
The pre-logon connect method establishes a VPN tunnel before any user logs in to the endpoint. Because no user credentials exist at that stage, authentication must be device-based. Machine certificates - installed in the computer's local machine certificate store - authenticate the endpoint device itself to the GlobalProtect Gateway, enabling the pre-logon tunnel. A Certificate Revocation List (A) and OCSP (D) are mechanisms for checking certificate validity, not for authentication. A Trusted Root Certificate (B) is needed to validate certificates but does not itself authenticate the machine.
Topics
Community Discussion
No community discussion yet for this question.