Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Question 390

A firewall administrator needs to be able to inspect inbound HTTPS traffic on servers hosted in their DMZ to prevent the hosted service from being exploited.

Which combination of features can allow PAN-OS to detect exploit traffic in a session with TLS encapsulation?

a WildFire profile and a File Blocking profile

a Vulnerability Protection profile and a Decryption policy

a Vulnerability Protection profile and a QoS policy

a Decryption policy and a Data Filtering profile

Correct Answer: B

To inspect inbound HTTPS traffic and detect exploit attempts, a firewall needs to be able to decrypt the traffic and then analyze it for vulnerabilities. A Decryption policy allows the inspection of HTTPS traffic by decrypting it, while a Vulnerability Protection profile helps identify and block exploit traffic within the decrypted session. Together, these features ensure that malicious activities hidden in TLS/SSL encapsulated traffic can be detected and mitigated.

Discussion

happyismOption: B

Decryption policy to inspect inbound HTTPS, and Vulnerability profile to stop attempts to exploit system flaws or gain unauthorized access to system.

evdwOption: B

Correct answer B

mysteryzjokerOption: B

agree B

MarshpillowzOption: B

B is correct

DenskyDenOption: B

B. Agree with Happyism.