Exam PCNSE All QuestionsBrowse all questions from this exam
Go to Exam
Question 183

A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (CAs): i. Enterprise-Trusted-CA, which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system.) ii. Enterprise-Untrusted-CA, which is verified as Forward Untrust Certificate iii. Enterprise-Intermediate-CA iv. Enterprise-Root-CA, which is verified only as Trusted Root CA

An end-user visits https://www.example-website.com/ with a server certificate Common Name (CN): www.example-website.com. The firewall does the SSL

Forward Proxy decryption for the website and the server certificate is not trusted by the firewall.

The end-user's browser will show that the certificate for www. example-website.com was issued by which of the following?

    Correct Answer: D

    When the firewall performs SSL Forward Proxy decryption for a website, the server certificate that is not trusted by the firewall will be re-signed by the Enterprise-Untrusted-CA, which is configured as the Forward Untrust Certificate. This ensures that the end user's browser will indicate the certificate is issued by Enterprise-Untrusted-CA, alerting the user to the untrusted nature of the certificate.

Discussion
homersimpsonOption: D

D is the answer.

MarcyyOption: D

Should be D.

MicutzuOption: D

D is correct

UFanatOption: D

Enterprise-Trusted-CA is installed in the trusted store of the end-user browser and system. So it should not lead to any certificate issue. The most possible that www.example-website.com is signed by not trusted certificate authority which leads to use Enterprise-Untrusted-CA, which is not trusted as well

GivemeMoneyOption: D

D. Enterprise-Untrusted-CA which is a self-signed CA

MarshpillowzOption: D

D is correct

TAKUM1yOption: D

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/configure-ssl-forward-proxy

AbuHussainOption: D

D is the answer