Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Question 309

The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such.

The admin has not yet installed the root certificate onto client systems.

What effect would this have on decryption functionality?

Decryption will not function because self-signed root certificates are not supported

Decryption will function, but users will see certificate warnings for each SSL site they visit

Decryption will not function until the certificate is installed on client systems

Decryption will function, and there will be no effect to end users

Correct Answer: B

When decryption is enabled using a self-signed root certificate, the decryption will function. However, users will see certificate warnings for each SSL site they visit because the root certificate has not been installed on the client systems. Without the root certificate being trusted on the client side, browsers and other applications will alert users that the identity of the sites cannot be verified, which results in certificate warnings.

Discussion

jabautista100191Option: B

The correct is B https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEZCA0

DenskyDenOption: B

B. In order to decrypt the SSL sessions, a CA certificate is required. This certificate is used to generate certifcates for each SSL destination. By default, a self-signed certifcate is used. Because this certificate is not a “Trusted CA”, browsers and other applications will give the users a warning indicating that the identity of site they are accessing could not be verifed.

NawdaOption: B

B will be decrypted but will show unsecure due to certificate not in MMC cert. store