A network administrator wants to deploy SSL Inbound Inspection. What two attributes should the required certificate have? (Choose two.)
A network administrator wants to deploy SSL Inbound Inspection. What two attributes should the required certificate have? (Choose two.)
For SSL Inbound Inspection, the required certificate should have a private key and be a server certificate. The private key is necessary to decrypt the incoming SSL/TLS traffic for inspection. The server certificate is used to establish the SSL/TLS connection with the client and is essential for re-encrypting the traffic after inspection. These attributes ensure that the firewall can both decrypt and re-encrypt the traffic, which is crucial for SSL Inbound Inspection.
question asks what two attributes of a certicate are required, not what type of certificates are required. answer is B and D
Subject Common Name (CN) and Validity Period are the only required attributes. That is a very poor question. Still, I would go for BD, is the best option
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/decryption-concepts/ssl-inbound-inspection "On the firewall, you must install the certificate and private key for each server for which you want to perform SSL Inbound Inspection"
BC : On the firewall, you must install the certificate and private key for each server for which you want to perform SSL Inbound Inspection. If your web server supports TLS 1.2 and PFS key exchange algorithms and your end-entity (leaf) certificate is signed by intermediate certificates, we recommend uploading a certificate chain (a single file) to the firewall. Uploading the chain avoids client-side server certificate authentication issues.
Sorry it BD , question is regarding ( What two attributes should the required certificate have? ) lillite confusing
Correct answer is B,C On the firewall, you must install the certificate and private key for each server for which you want to perform SSL Inbound Inspection. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/decryption-concepts/ssl-inbound-inspection
B,D - the attributes not the type.
Poorly worded question but I say C because usually the intention of the question is not to be so tricky and shady. In our scenario there is no known requirement for SAN, so I'm thinking to not focus so specifically on the word attributes. The cert *must* have a private key and would need to support server authentication. I understand why many are suggesting D though due to the specific attribute verbiage.
It is a poorly written question but I guess they want us to go for B and C.
I got this question in the exam
So which answer did you choose? Are we to choose the right answers (corrected by the users), or the wrong answers (provided by exam topics) on the exam to get it right?
B. A private key: The private key is necessary to decrypt the incoming SSL/TLS traffic so that it can be inspected. Without the private key, you won't be able to decrypt the traffic, which is a fundamental part of SSL Inbound Inspection. C. A server certificate: This certificate is used to establish the SSL/TLS connection with the client. It's presented to the client during the SSL handshake and is typically issued for the server's hostname or domain. This certificate is also used for re-encrypting the traffic after inspection.
BD because the question asks for attributes.
B, D are talking about the attributes.
B and C as You can upload the server certificate and private key alone to the firewall if your web server supports only TLS 1.2 and the RSA key exchange algorithm and the server’s certificate chain (if the leaf certificate is signed by intermediate certificates) is installed on the server. SSL Inbound Inspection discusses each case in more detail. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-inbound-inspection
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/decryption-concepts/ssl-inbound-inspection
Option D subject alternative name is irrelevant, this is only needed when one cert needs to cover multiple websites. For inbound decryption, you need the server certificate for the site and its private key.
It´s tricky. If you go for "certificate attributes" in the sense of "certificate extensions", and regarding this link: https://knowledge.digicert.com/solution/SO18140.html then the only extensions are C: purpose = server certificate D: Subject alternate name (DNS) As it is inbound inspection I would assume, that it is for a web server which will nowadays always have a server certificate with subject alternate name. By the way, the "private key" is NOT an attribute of a SSL certificate. Anyway you have to import the server certificate including the private key.
A and B are best choices imho. 'You can upload the server certificate and private key alone to the firewall if your web server supports only TLS 1.2 and the RSA key exchange algorithm and the server’s certificate chain (if the leaf certificate is signed by intermediate certificates) is installed on the server. SSL Inbound Inspection discusses each case in more detail. "https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/decryption/configure-ssl-inbound-inspection#:~:text=You%20can%20upload,in%20more%20detail
These are the only Certificate attributes in the available options.