What are three reasons for excluding a site from SSL decryption? (Choose three.)
What are three reasons for excluding a site from SSL decryption? (Choose three.)
There are several technical reasons for excluding a site from SSL decryption. Unsupported ciphers make it impossible to decrypt traffic because the decryption system cannot handle those encryption algorithms. Certificate pinning is a security feature that binds a service to a set of public keys to verify the legitimacy of the server; attempting to decrypt this traffic would invalidate the certificate. Mutual authentication requires both the client and server to authenticate each other, making it impractical to decrypt the traffic without breaking the authentication process.
Options BCE Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate chains, and unsupported ciphers. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/decryption-exclusions/exclude-a-server-from-decryption.html
BCE https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/decryption-exclusions/exclude-a-server-from-decryption
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/decryption-exclusions/exclude-a-server-from-decryption
B, C and E correct
BCE. Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate chains, and unsupported ciphers. For HTTP public key pinning (HPKP), most browsers that use HPKP permit Forward Proxy decryption as long as you install the enterprise CA certificate (or the certificate chain) on the client.
BCE are correct