NGFW-Engineer Exam Question 21

An organization has configured GlobalProtect in a hybrid authentication model using both certificate-based authentication for the pre-logon stage and SAML-based multi-factor authentication (MFA) for user logon.
How does the GlobalProtect agent process the authentication flow on Windows endpoints?
  • NGFW-Engineer Exam Question 22

    What is a key difference between OSPF and BGP when used in a Palo Alto Networks firewall?
  • NGFW-Engineer Exam Question 23

    Which two statements describe an external zone in the context of virtual systems (VSYS) on a Palo Alto Networks firewall? (Choose two.)
  • NGFW-Engineer Exam Question 24

    An organization wants to protect its internal network from previously unknown malware that does not match any existing signatures.
    Which NGFW feature BEST addresses this requirement?
  • NGFW-Engineer Exam Question 25

    A large enterprise wants to implement certificate-based authentication for both users and devices, using an on-premises Microsoft Active Directory Certificate Services (AD CS) hierarchy as the primary certificate authority (CA). The enterprise also requires Online Certificate Status Protocol (OCSP) checks to ensure efficient revocation status updates and reduce the overhead on its NGFWs. The environment includes multiple Active Directory forests, Panorama management for several geographically dispersed firewalls, GlobalProtect portals and gateways needing distinct certificate profiles for users and devices, and strict Security policies demanding frequent revocation checks with minimal latency.
    Which approach best addresses these requirements while maintaining consistent policy enforcement?