Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
To block sites with untrusted certificates without enabling SSL Forward Proxy, you can create a no-decrypt Decryption Policy rule, which ensures that traffic is not decrypted but still inspected for certain criteria (such as certificate trust). Additionally, enabling the 'Block sessions with untrusted issuers' setting will help to automatically block sessions that use untrusted certificates. These actions together create a robust approach to handling untrusted certificates without the need for SSL Forward Proxy.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/decryption-concepts/no-decryption-decryption-profile
Agree AD
A and D are correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/decryption-concepts/no-decryption-decryption-profile
A and D correct
Agree that it is A & D.