A network security administrator wants to configure SSL inbound inspection.
Which three components are necessary for inspecting the HTTPS traffic as it enters the firewall? (Choose three.)
A network security administrator wants to configure SSL inbound inspection.
Which three components are necessary for inspecting the HTTPS traffic as it enters the firewall? (Choose three.)
For configuring SSL inbound inspection on a firewall, it is necessary to have the web server's security certificate with the private key to enable decryption of traffic. A decryption policy is also required to dictate which traffic will be inspected. While a decryption profile is highly recommended for defining the parameters and security measures during inspection, it is essential in most practical configurations to ensure thorough security and policy enforcement.
Correct answer B,C,D https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/configure-ssl-inbound-inspection
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNBoCAO
Reference: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/configure-ssl-inbound-inspection
Configuring SSL Inbound Inspection includes: - Installing the targeted server certificate on the firewall. - Creating an SSL Inbound Inspection Decryption policy rule. - Applying a Decryption profile to the policy rule.
BCD correct answers
B, C and D correct
B. The web server's security certificate with the private key C. A Decryption profile D. A Decryption policy
B and D are mandatory (server's certificate and private key + decryption policy). C decryption profile is not mandatory but is highly recommended. Even when you set up SSL Inbound Inspection policy, certificate setting is highlighted in red framing meaning it's mandatory, while decryption profile setting in the policy does NOT have red framing, meaning that it's not mandatory. So the syntax of this question and provided options for answers are not really 100% correct.
Definetly B and D, but a Decryption Profile is not necessary: "Although Decryption profiles are optional, it is best to include a Decryption profile with each Decryption policy rule to prevent weak, vulnerable protocols and algorithms from allowing questionable traffic on your network". The questions asks for necessary components.
BCD Use SSL Inbound Inspection to decrypt and inspect inbound SSL traffic destined for a network server (you can perform SSL Inbound Inspection for any server if you load the server certificate onto the firewall). With an SSL Inbound Inspection Decryption policy enabled, the firewall decrypts all SSL traffic identified by the policy to clear text traffic and inspects it. The firewall blocks, restricts, or allows the traffic based on the Decryption profile attached to the policy and the Security policy that applies to the traffic, including any configured Antivirus, Vulnerability Protection, Anti-Spyware, URL Filtering, and File Blocking profiles. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/configure-ssl-inbound-inspection
BCD correct answers
as a link from evdw