You don't need to configure decryption profile, there is already one predefined (default) and this decryption profile you don't even need to apply in a decryption policy rule.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy
Although Decryption profiles are optional, it is a best practice to include a Decryption profile with each Decryption policy rule to prevent weak, vulnerable protocols and algorithms from allowing questionable traffic on your network.
Answer BC:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy --> there it states that a forward trust cert as well as a decryption rule are necessary, a decryption profile is optional
Answer C, B
I have just tested in lab, you def need SSL Forward Trust Cert and you configure a Decryption Policy Rule under Policies >> Decryption >> Add with Source Zone, Destination Zone and Options of SSL Forward Proxy.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.PCNSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
weze1336
5 months agotonja
7 months, 4 weeks agohdrnzienlaoroljol
8 months agojens23
8 months, 1 week agoMarshpillowz
9 months, 1 week agoKaifus
9 months, 3 weeks agod34a5eb
10 months agotamaster22
10 months, 1 week agocx777o
10 months, 1 week agofranko_72
10 months, 2 weeks ago