Free Palo Alto Networks SSE-Engineer Actual Exam Questions - Question 6 Discussion
method is supported with mobile users?
C SAML is designed for web-based and mobile scenarios without needing an agent. It uses token-based authentication, which fits well with explicit proxies and mobile users. The others usually require agent support or integrated environments.
Option A works because LDAP just needs user credentials sent through the proxy, no extra agent needed. Kerberos usually won’t work without an agent to handle tickets, so it’s less likely here.
A imo, LDAP can work without agents since it just needs username and password over the proxy, unlike Kerberos which usually depends on integrated tickets. SAML and SSO often need extra infrastructure or agents.
Maybe C here since SAML is designed for web-based, agentless authentication which fits mobile users behind explicit proxies better than LDAP or Kerberos. SSO might require extra setup not always possible without agents.
It’s D since SSO can often be configured to handle mobile users without requiring any agent installation, using token-based or web-based authentication. Unlike LDAP or Kerberos, which rely on direct credential or ticket exchange that’s harder on mobile, SSO can integrate smoothly with cloud identity providers and work transparently through the proxy. SAML is close but usually forms part of SSO setups, so the broader SSO option covers various mobile-friendly auth flows better here.
A vs C? LDAP works with credentials only, but SAML fits no-agent mobile flows better.
C/D? SAML (C) is common for mobile since it uses web-based auth flows, but sometimes SSO (D) fits too if integrated properly. LDAP and Kerberos usually need more endpoint support, so they feel less likely here.
Probably C here. Since no agent can be installed, Kerberos (B) is tricky because it usually needs device support for tickets, and LDAP (A) often requires direct credential input which isn’t great on mobile. SAML (C) works through browser redirects and tokens, so it fits the mobile use case without agents better than SSO (D) if SSO relies on device integration. So for mobile users with explicit proxy and no agents, SAML seems like the smoother option.
It’s A, because LDAP can work directly with user credentials without needing device-side agents.
B imo, Kerberos isn’t practical on mobile without agents since it needs ticket exchange that devices can’t handle easily in explicit proxy setups. That leaves SAML as the smoother option.
Maybe C makes the most sense here since mobile users can authenticate via their browser with SAML without needing an agent installed. LDAP or Kerberos usually require more direct access or agents.
For mobile users without an agent, SAML (C) is usually the go-to for explicit proxy auth since it works well with browser-based flows.