Exam PCNSE
Question 454

An administrator is assisting a security engineering team with a decryption rollout for inbound and forward proxy traffic. Incorrect firewall sizing is preventing the team from decrypting all of the traffic they want to decrypt.

Which three items should be prioritized for decryption? (Choose three.)

    Correct Answer: B, D, E

    When an administrator is limited by firewall sizing and must prioritize traffic for decryption, the most important targets are less-trusted internal IP subnets, high-risk traffic categories, and public-facing servers. These cover the most potentially dangerous and sensitive traffic: less-trusted internal IP subnets may be exploited if not monitored, high-risk traffic categories (those known for harboring threats) need to be decrypted to prevent breaches, and public-facing servers are prime targets for attacks and should be decrypted to secure sensitive exchanges with external clients. Blocking known malicious IP space is a better approach than decrypting it, and financial, health, and government traffic may be subject to regulations that prevent its decryption.
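As an added illustration (not part of the exam question or the discussion), the prioritization above modelled as a first-match rulebase: a security-policy deny for known-malicious space is checked first, regulated categories are exempted, and decryption is spent on public-facing servers, high-risk categories and less-trusted subnets. Subnets and the EDL are constructed; the URL category names are assumed PAN-OS predefined names.

```python
import ipaddress

# Constructed example values (documentation ranges), not a real deployment.
LESS_TRUSTED_SUBNETS = [ipaddress.ip_network("10.50.0.0/16")]    # e.g. guest/contractor segment (assumed)
PUBLIC_SERVERS = [ipaddress.ip_network("203.0.113.0/24")]        # DMZ web servers we hold the keys for
BLOCKED_IPS = [ipaddress.ip_network("198.51.100.0/24")]          # EDL of known-malicious IP space
# Assumed PAN-OS predefined URL category names.
REGULATED_CATEGORIES = {"financial-services", "health-and-medicine", "government"}
HIGH_RISK_CATEGORIES = {"high-risk", "malware", "phishing", "unknown"}


def in_any(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def security_verdict(flow):
    """Security policy: sessions to/from EDL-listed space are denied outright,
    so they never reach the decryption engine and need no decryption rule."""
    if in_any(flow["dst"], BLOCKED_IPS) or in_any(flow["src"], BLOCKED_IPS):
        return "deny"
    return "allow"


def decryption_verdict(flow):
    """Decryption rulebase, evaluated top to bottom with first-match semantics."""
    if security_verdict(flow) == "deny":
        return "dropped-before-decryption"
    # 1. Explicit no-decrypt exceptions first; a broad decrypt rule below would otherwise catch them.
    if flow["category"] in REGULATED_CATEGORIES:
        return "no-decrypt"
    # 2. Inbound to our public-facing servers: SSL Inbound Inspection (requires the server key).
    if in_any(flow["dst"], PUBLIC_SERVERS):
        return "decrypt:ssl-inbound-inspection"
    # 3. Outbound forward proxy: highest-risk categories and less-trusted segments.
    if flow["category"] in HIGH_RISK_CATEGORIES or in_any(flow["src"], LESS_TRUSTED_SUBNETS):
        return "decrypt:ssl-forward-proxy"
    # 4. Remaining traffic is deferred until the firewall is sized for it.
    return "no-decrypt"
```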

Discussion
[Removed] (Options: CDE)

CDE are correct answers

evdw

Agree on CDE

Eiffelsturm

why do you want to decrypt known malicious IPs? Block them

lildevil (Options: BDE)

BDE, we all know why not A, but why would you decrypt C... if you block that traffic (as you should) then security profiles are not even applied (even if you set them on a blocking security profile, they won't take any effect), so why set up a decryption profile for it?

Betty2022 (Option: B)

I feel that B D E are correct. https://docs.paloaltonetworks.com/best-practices/9-1/data-center-best-practices/data-center-best-practice-security-policy/how-to-decrypt-data-center-traffic
"Within the data center, decrypt as much east-west traffic as possible. If performance considerations due to incorrect firewall sizing prevent you from decrypting all traffic, prioritize the most critical servers, the highest risk traffic categories, and less trusted segments and IP subnets."
Answer:
B. Less-trusted internal IP subnets >> less trusted segments and IP subnets
D. High-risk traffic categories >> the highest risk traffic categories
E. Public-facing servers >> prioritize the most critical servers, meaning any servers that the company hosts that are protected by the PAN FW > Therefore: prioritize the most critical servers,

navid1365 (Options: BDE)

I would go with BDE. C does not make any sense. You should block known malicious IP addresses with an EDL in a security policy, not decrypt it.

Acidscars (Option: C)

CDE seems to be the answer they want but realistically, you would block C before it could even be decrypted. And you would definitely want to decrypt Government sites because many governments (especially local) are underfunded and have no budget for network/cyber security so they should be untrusted. They should have picked a better category like "streaming" which is more resource intensive to decrypt.

evilCorpBot7494 (Options: BDE)

BDE. C should be blocked anyway so there is no need to decrypt it. A) Should not be decrypted due to regulations and privacy.

Andromeda1800 (Option: B)

My opinion is that B, D, E are correct. C shouldn't be correct because you are supposed to block Known malicious IP space and not decrypt it. Option A (Financial, health, and government traffic categories) usually is not supposed to be decrypted due to regulatory compliance and data privacy.

Xuzi (Option: B)

BDE for sure

certprep2021 (Options: CDE)

CDE will be correct

0d2fdfa (Option: C)

CDE are correct answers

Marshpillowz

B, D and E

franko_72

B D E for sure.

brian7857ffs45

This question was on the exam.. Nov 2023

dgonz (Options: BDE)

Changing my answer to BDE; you should block C.

dgonz (Option: D)

should be C D E

kinho1985 (Options: ACD)

A, C and D

DenskyDen (Options: CDE)

CDE. See the link mohr posted.