Exam PCNSE
Question 198

What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)

    Correct Answer: A, D

    There are two common reasons to use a 'No Decrypt' action to exclude traffic from SSL decryption. The first reason is when the web server requires mutual authentication. Mutual authentication involves both the client and the server authenticating each other, and decrypting the traffic would interfere with this process. The second reason is when the website matches a sensitive category. Sensitive categories often include content like financial services, health, and government websites, where decrypting the traffic could expose sensitive personal information.

Discussion
Plato22 Options: AD

A and D: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/decryption/decryption-exclusions/create-a-policy-based-decryption-exclusion

Marcyy Options: AD

Should be A and D

Micutzu Options: BD

For mutual authentication we must configure SSL Decryption Exclusion, and once we include a destination in SSL Decryption Exclusion all the decryption policy rules are bypassed; therefore there is no action of "NO DECRYPT". "No decrypt" is only inside a decryption policy rule. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/decryption-exclusions/create-a-policy-based-decryption-exclusion.html

"Traffic that originates or is destined for executives or other users whose traffic shouldn’t be decrypted." = restricted/limited group of users

In my opinion the correct answers are B&D.

Micutzu

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/decryption-exclusions/palo-alto-networks-predefined-decryption-exclusions.html

The firewall provides a predefined SSL Decryption Exclusion list to exclude from decryption commonly used sites that break decryption because of technical reasons such as pinned certificates and mutual authentication.

AbuHussain Options: AD

Should be A and D

TAKUM1y Options: AD

A: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/decryption-exclusions/exclude-a-server-from-decryption
B: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/decryption-exclusions/create-a-policy-based-decryption-exclusion

juan_L Options: AD

A and D, no doubt. A - Because decryption requires proxying TLS, and the client certificate will not be used. B - Compliance issues avoid opening tunnels to certain entities (...)

samassier Option: D

D: Traffic that you should never decrypt because it contains personally identifiable information (PII) or other sensitive information, such as the URL Filtering categories financial-services, health-and-medicine, and government.

Marshpillowz Options: AD

A and D correct

evilCorpBot7494 Options: AD

qwerqwer a d

TAKUM1y Options: AD

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/decryption/decryption-exclusions/create-a-policy-based-decryption-exclusion

UFanat Options: AD

A web server that requires mutual authentication does not support SSL decryption. And you should exclude sensitive sites from decryption.
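
The discussion above turns on the difference between the SSL Decryption Exclusion list and a "No Decrypt" action inside a decryption policy rule. The following is an added example, not part of the original page and not Palo Alto Networks code: a simplified Python model of that lookup order. It assumes the exclusion list is checked first, rules are matched top-down with the first match winning, and unmatched traffic is left undecrypted; the hostnames and rule names are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Rule:
    name: str
    categories: frozenset  # URL categories the rule matches; empty set = any
    action: str            # "decrypt" or "no-decrypt"


# Constructed sample data (hypothetical hostnames and rule names).
# Exclusion list: servers that break decryption for technical reasons,
# such as mutual authentication or pinned certificates.
EXCLUSION_LIST = ["*.mtls-partner.example"]

# Policy rules: "no-decrypt" is a rule action, used here for the sensitive
# URL categories named in the discussion.
RULES = [
    Rule("no-decrypt-sensitive",
         frozenset({"financial-services", "health-and-medicine", "government"}),
         "no-decrypt"),
    Rule("decrypt-everything-else", frozenset(), "decrypt"),
]


def evaluate(hostname, category, exclusions=EXCLUSION_LIST, rules=RULES):
    """Return (decision, reason) for one TLS session."""
    # Assumption: an exclusion-list hit bypasses every policy rule.
    for pattern in exclusions:
        if fnmatch(hostname, pattern):
            return ("not-decrypted", f"exclusion-list:{pattern}")
    # Assumption: first matching rule wins, evaluated top-down.
    for rule in rules:
        if not rule.categories or category in rule.categories:
            decision = "decrypted" if rule.action == "decrypt" else "not-decrypted"
            return (decision, f"rule:{rule.name}")
    # Assumption: with no matching rule the session is left undecrypted.
    return ("not-decrypted", "no-rule-matched")


if __name__ == "__main__":
    sessions = [
        ("api.mtls-partner.example", "business-and-economy"),
        ("bank.example", "financial-services"),
        ("news.example", "news"),
    ]
    for host, cat in sessions:
        print(host, cat, evaluate(host, cat))
```

The reason string is what an audit would care about: two sessions can both end up undecrypted while only one of them was matched by a "No Decrypt" rule.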