To comply with new directives mandating the use of quantum-resistant cryptography for all data-in-transit, a network engineer is tasked with reconfiguring existing IKEv2 VPN tunnels between PA-Series firewalls to meet this requirement. Which two actions should the engineer take to ensure compliance? (Choose two answers)

A. Configure an IKE Crypto profile with one or more post-quantum rounds selected and apply it to an IKE Gateway configured for the post-quantum key exchange mechanism.
B. Establish a shared secret of at least 64 characters and configure it as a post-quantum pre-shared key (PPK) within an IKEv2-only IKE Gateway.
C. Generate a post-quantum pre-shared key (PPK) and apply it within the IPSec tunnel configuration's advanced settings.
D. Enable GlobalProtect with quantum-resistant tunneling and apply the profile to the IKE Gateway.

Correct Answer: A,B

Brave-Dump Clients Votes

AB 100%

Comments

Anonymous User 2026-02-28 02:56:24

Selected Answers: A, B

Implement Post-Quantum Pre-Shared Keys (PQ PPKs) based on RFC 8784.
Implement Post-Quantum Key Exchange (PQ KEM) Hybrid Keys based on RFC 9242 and RFC 9370.