As a best practice, which URL category should you target first for SSL decryption?
As a best practice, which URL category should you target first for SSL decryption?
In SSL decryption best practices, the primary focus should be on decrypting traffic from URL categories that are most likely to pose security threats. The 'High Risk' category includes sites that have the highest potential for malicious content, and decrypting this traffic first allows for the identification and mitigation of threats more effectively. Therefore, the 'High Risk' URL category is the best target to prioritize initially for SSL decryption.
https://docs.paloaltonetworks.com/best-practices/10-2/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment
Plan to decrypt the riskiest traffic first (URL categories most likely to harbor malicious traffic, such as gaming or high-risk) and then decrypt more as you gain experience https://docs.paloaltonetworks.com/advanced-url-filtering/administration/configuring-url-filtering/url-filtering-best-practices
Interestingly Both seems to be BPA: This answer might have 2 answers in the exam. Create policy to decrypt the rest of the traffic by configuring SSL Forward Proxy, SSL Inbound Inspection, and SSH Proxy rules. Always decrypt the online-storage-and-backup, web-based-email, web-hosting, personal-sites-and-blogs, content-delivery-networks, and high-risk URL categories. https://docs.paloaltonetworks.com/best-practices/10-1/decryption-best-practices/decryption-best-practices/deploy-ssl-decryption-using-best-practices
Plan to decrypt the riskiest traffic first (URL Categories most likely to harbor malicious traffic, such as gaming or high-risk) and then decrypt more as you gain experience. Alternatively, decrypt the URL Categories that don’t affect your business first (if something goes wrong, it won’t affect business), for example, news feeds. - Taken from PANOS10 best practices found in https://docs.paloaltonetworks.com/best-practices/10-0/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment
Online Storage and Backup is not an URL category so option B
please have a look here to see predefined URL categories: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC Also, on URL filtering profile we can find Online-Storage-and-Back and High-Risk, at least in PAN-OS 10.x
I suggest C as correct answer. https://docs.paloaltonetworks.com/best-practices/10-1/decryption-best-practices/decryption-best-practices/deploy-ssl-decryption-using-best-practices.html " . Always decrypt the online-storage-and-backup, web-based-email, web-hosting, personal-sites-and-blogs, content-delivery-networks, and high-risk URL categories. .."
Tricky question. Its B, https://docs.paloaltonetworks.com/best-practices/8-1/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment.html Phase in decryption. Plan to decrypt the riskiest traffic first (URL Categories most likely to harbor malicious traffic, such as gaming or high-risk)
As a best practice the high-risk category should be blocked, leaving only C
Nevermind, it's B, my assumption that high-risk should be blocked as a BP was wrong
Correct Answer is B. 'Online Storage and Backup is not a URL Category. "Always decrypt the online-storage-and-backup, web-based-email, web-hosting, personal-sites-and-blogs, content-delivery-networks, and high-risk URL categories. Limit SSH Proxy to administrators who manage network devices, log all SSH traffic, and configure Multi-Factor Authentication to prevent unauthorized SSH access." https://docs.paloaltonetworks.com/best-practices/10-0/decryption-best-practices/decryption-best-practices/deploy-ssl-decryption-using-best-practices
The question is referring to URL categories used as best practice for SSL decryption, and not all URL categories. Please read STEP 3 last bullet from here: https://docs.paloaltonetworks.com/best-practices/8-1/decryption-best-practices/decryption-best-practices/deploy-ssl-decryption-using-best-practices.html "If you can’t decypt everything, always decrypt the online-storage-and-backup, web-based-email, web-hosting, personal-sites-and-blogs, and content-delivery-networks URL categories."
Starting with PAN-OS 9.0 the paragraph include also high-risk URL categories at the end of the list.
The test is based off of 10.0 High risk is the first to decrypt. https://docs.paloaltonetworks.com/best-practices/10-0/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment.html