Examice

Exam PSE Strata All QuestionsBrowse all questions from this exam

Question 109

Which decryption requirement ensures that inspection can be provided to all inbound traffic routed to internal application and database servers?

Installation of certificates from the application server and database server on the NGFW and configuration of an SSL Inbound Decryption policy

Installation of a trusted root CA certificate on the NGFW and configuration of an SSL Inbound Decryption policy

Configuration of an SSL Inbound Decryption policy using one of the built-in certificates included in the certificate store

Configuration of an SSL Inbound Decryption policy without installing certificates

Correct Answer: A

To ensure inspection of all inbound traffic routed to internal application and database servers, it is necessary to install certificates from the application server and database server on the Next-Generation Firewall (NGFW) and configure an SSL Inbound Decryption policy. This is because SSL/TLS decryption hinges on the firewall's ability to intercept and decrypt encrypted traffic, which requires the appropriate certificates to be installed on the firewall.

Discussion

ArangoTopics

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-inbound-inspection