Q: 3
An engineer is implementing a new rollout of SAML for administrator authentication across a
company’s Palo Alto Networks NGFWs. User authentication on company firewalls is currently
performed with RADIUS, which will remain available for six months, until it is decommissioned. The
company wants both authentication types to be running in parallel during the transition to SAML.
Which two actions meet the criteria? (Choose two.)
Options
Discussion
B and C both. The key is the authentication sequence (B) to allow SAML and RADIUS together, plus you need a SAML profile (C). D tempts you but doesn't support parallel auth properly. Pretty sure that's right based on what I've seen.
C/D? I think creating the SAML profile (C) with adding SAML into the RADIUS authentication profile (D) should let both run together.
B . The catch is D doesn't let you sequence both providers, only B+C actually gets SAML and RADIUS working side by side. Palo Alto needs auth sequences for true parallel, not stacking profiles in D. Seen this edge trip up on other practice sets.
It’s B and C here. D looks tempting but that’s not actually how you combine both methods in parallel, you need the auth sequence (B) and a SAML profile (C). Seen this trip up people before on practice tests.
B tbh, saw a similar question on a practice set and B was correct.
B and C
D
B/C saw this one in some exam reports, looks like that's the combo for running SAML and RADIUS together.
Official docs and the admin guide for PAN-OS cover this SAML + RADIUS setup. Anyone using labs for this scenario?
B and C here. B sets up an authentication sequence so you can use both SAML and RADIUS at the same time, C gets the new SAML part ready. D isn't right since you can't just add SAML to a RADIUS profile. I think these two are what's needed, but open if anyone's configured this differently.
Be respectful. No spam.
