Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks NGFW-Engineer Exam - Topic 3 Question 23 Discussion

A PA-Series firewall with all licensable features is being installed. The customer's Security policy requires that users do not directly access websites. Instead, a security device must create the connection, and there must be authentication back to the Active Directory servers for all sessions.Which action meets the requirements in this scenario?
D) Deploy the explicit proxy with Kerberos authentication scheme.
A) Deploy the transparent proxy with Web Cache Communications Protocol (WCCP).
B) Deploy the Next-Generation Firewalls as normal and install the User-ID agent.
C) Deploy the Advanced URL Filtering license and captive portal.

Palo Alto Networks NGFW-Engineer Exam - Topic 3 Question 23 Discussion

Actual exam question for Palo Alto Networks's NGFW-Engineer exam
Question #: 23
Topic #: 3
[All NGFW-Engineer Questions]

A PA-Series firewall with all licensable features is being installed. The customer's Security policy requires that users do not directly access websites. Instead, a security device must create the connection, and there must be authentication back to the Active Directory servers for all sessions.

Which action meets the requirements in this scenario?

Show Suggested Answer Hide Answer
Suggested Answer: D

In this scenario, the customer requires that users do not directly access websites and that a security device (the firewall) manages the connection, while also ensuring that there is authentication back to the Active Directory (AD) servers for all sessions. The explicit proxy with Kerberos authentication is the best solution because:

The explicit proxy allows the firewall to intercept user web traffic and manage the connections on behalf of users.

Kerberos authentication ensures that the user's identity is validated against the Active Directory servers before the session is allowed, fulfilling the authentication requirement.


by Xochitl at Jun 17, 2026, 06:12 AM

Limited Time Offer

25%

Off

Get Premium NGFW-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel

Currently there are no comments in this discussion, be the first to comment!


Save Cancel