New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks NetSec-Analyst Exam - Topic 4 Question 1 Discussion

Actual exam question for Palo Alto Networks's NetSec-Analyst exam
Question #: 1
Topic #: 4
[All NetSec-Analyst Questions]

Which two actions in the IKE Gateways will allow implementation of post-quantum cryptography when building VPNs between multiple Palo Alto Networks NGFWs? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C, D

To implement post-quantum cryptography (PQC) in VPNs between Palo Alto Networks NGFWs, you would enable the PQ KEM (Post-Quantum Key Encapsulation Mechanism) in the IKE gateway configuration. This enables the firewall to use quantum-resistant encryption for key exchange, which is an essential part of securing communications against the potential future threats posed by quantum computing.

By selecting IKE v2 Preferred and enabling the PQ KEM option under Advanced Options, you can add specific Rounds for the post-quantum cryptography process, which will help in implementing quantum-resistant key exchange methods.

This option similarly selects IKE v2 and enables PQ KEM while also creating a dedicated IKE Crypto Profile with the necessary Rounds configured for post-quantum cryptography.


by Xochitl at Nov 19, 2025, 05:22 PM

Limited Time Offer

25%

Off

Get Premium NetSec-Analyst Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kenda
1 day ago
Wait, can we really trust post-quantum methods yet? Seems risky.
upvoted 0 times
...
Silva
6 days ago
Definitely A and D! Those options are crucial for security.
upvoted 0 times
...
Hoa
12 days ago
D looks good to me. Creating an IKE Crypto Profile with the PQ KEM and Rounds seems like the most comprehensive solution.
upvoted 0 times
...
Princess
17 days ago
B is definitely not the answer. Importing a post-quantum certificate? That's like trying to fit a square peg in a round hole.
upvoted 0 times
...
Dell
22 days ago
I think C is the way to go. Enabling the PQ KEM and adding "Rounds" sounds like the most straightforward approach.
upvoted 0 times
...
Kami
27 days ago
A and D seem like the right options, but I'm not sure about the "Rounds" part. Sounds like a game of Monopoly to me!
upvoted 0 times
...
Salena
1 month ago
I’m a bit confused about the "Rounds" mentioned in options C and D. I think I need to review that section again to be sure.
upvoted 0 times
...
Portia
1 month ago
I feel like I came across something similar in our last practice exam, and I think option D could be correct since it mentions creating an IKE Crypto Profile.
upvoted 0 times
...
Aja
1 month ago
I remember practicing with IKE v2 and the importance of using certificates, so option B might be a good choice, but I’m not confident about the post-quantum derived certificate part.
upvoted 0 times
...
Armanda
2 months ago
I think option A sounds familiar, but I'm not entirely sure about the specifics of the post-quantum pre-shared key.
upvoted 0 times
...
Aracelis
2 months ago
I'm a little unsure about this one. I think the answer might be A and D, but I'm not 100% sure. I'll probably just focus on those two options and try to reason through the details during the exam.
upvoted 0 times
...
Carmela
2 months ago
I'm pretty confident the answer is C and D. Those are the only options that mention the "PQ KEM" setting, which is likely what the question is asking about for post-quantum crypto in the IKE Gateways.
upvoted 0 times
...
Rebbecca
2 months ago
Okay, I think I've got it. The key is that the question is asking about IKE Gateways specifically. So the right answers are B and D, since those are the only ones that mention IKE v2 and the relevant post-quantum settings.
upvoted 0 times
...
Alaine
2 months ago
I agree, A is solid. But D seems more complex.
upvoted 0 times
...
Yuriko
2 months ago
I think A and D are the best choices. They focus on strong keys.
upvoted 0 times
...
Olive
3 months ago
A and D are the right choices for post-quantum cryptography!
upvoted 0 times
...
Eladia
3 months ago
I think B is also important, but not sure about A.
upvoted 0 times
...
Kenia
3 months ago
Hmm, I'm a bit confused. I thought the question was asking about IKE Gateways, not the overall VPN configuration. I'm not sure if the answer is A or D, I'll have to think about this more.
upvoted 0 times
...
Gary
3 months ago
I'm pretty sure the answer is A and D. The question is asking about implementing post-quantum cryptography in Palo Alto VPNs, and those two options seem to be the ones that specifically mention the relevant settings.
upvoted 0 times
...

Save Cancel