PCNSE Question #657: Real Exam Question with Answer & Explanation

The correct answer is B: TACACS+. The administrative accounts are defined on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor- Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML serv

Submitted by lukas.cz· Apr 18, 2026Deploy and Configure

Question

Which three external services perform both authentication and authorization for administration of firewalls? (Choose three.)

Options

AKerberos
BTACACS+
CSAML
DRadius
ELDAP

Explanation

The administrative accounts are defined on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor- Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server. PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage- firewall-administrators/administrative-authentication

Topics

#External Authentication#External Authorization#Firewall Administration#AAA Protocols

Community Discussion

No community discussion yet for this question.

Full PCNSE Practice Browse All PCNSE Questions