Exam PCNSE All QuestionsBrowse all questions from this exam
Question 71

If an administrator does not possess a website's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?

    Correct Answer: A

    SSL Forward Proxy is the correct SSL decryption mode to use when an administrator does not possess the website's certificate, as it allows the Palo Alto Networks Next-Generation Firewall (NGFW) to inspect outbound SSL traffic. In this mode, the NGFW acts as an intermediary between the client and the external server, enabling the decryption and inspection of the traffic seen by users when they browse to HTTPS websites. This configuration permits the inspection of secure traffic without needing the actual server certificate.

Discussion
GabuuOption: A

its an outbound traffic so you will need SSL Forward proxy

UFanatOption: A

SSL inbound inspection can be used if you possess a website's certificate, otherwise - only SSL Forward Proxy

yziyziOption: A

Here, it's A

secdaddy

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV8CAK

AbuHussainOption: A

Answer: A

tururu1496Option: A

Answer: A

GivemeMoneyOption: A

It's A. SSL Forward Proxy

woody_Option: B

"If an administrator does not possess a website's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to INSPECT traffic when users browse to HTTP(S) websites?" Should that not be B? SSL Forward Proxy mode does not inspect the SSL traffic but Inbound Inspection Decryption Mode does!

myname_1

I think the key here it says users, not external users. If it said external users, we would be looking at ssl inbound most likely.

Knowledge33

I though like you, but it's not correct. Don't matter about "If an administrator ..... certificate". Only focus to the rest of the sentence "which SSL ..... websites?" You'll see the answer is evident.

BreyargOption: A

no the answer is A. forward proxy. the direction is outbound not inbound.

MarshpillowzOption: A

Answer is A