Exam PCNSE topic 1 question 609 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 609
Topic #: 1

A firewall administrator has confirmed reports that a website is not displaying as expected, and wants to ensure that decryption is not causing the issue.

Which three methods can the administrator use to determine if decryption is causing the website to fail? (Choose three.)

  • A. Move the policy with action decrypt to the top of the decryption policy rulebase.
  • B. Investigate decryption logs of the specific traffic to determine reasons for failure.
  • C. Temporarily disable SSL decryption for all websites to troubleshoot the issue.
  • D. Disable SSL handshake logging.
  • E. Create a policy-based "No Decrypt" rule in the decryption policy to exclude specific traffic from decryption.
Suggested Answer: BCE

Comments

TeachTrooper
4 months, 3 weeks ago
Selected Answer: BCE
A-> the policy with action "decrypt" We need to look at the answers separately, so we can check the logs for errors & we can disable ssl decryption completely & we can create a specific no decrypt rule for this site .... in order to find out the root cause.
upvoted 1 times
scanossa
5 months, 2 weeks ago
Selected Answer: BCE
Why would you need to move the decryption policy above? BCE
upvoted 2 times
af67d32
4 months, 1 week ago
Why would you open a huge security hole in your network to troubleshoot a problem with a few websites?
upvoted 1 times
betko
7 months, 2 weeks ago
Selected Answer: BCE
Read these two articles, I think it is B, C, E.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/temporarily-disable-ssl-decryption
https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/decryption/troubleshoot-and-monitor-decryption
upvoted 1 times
NSO_Blue
7 months, 4 weeks ago
Selected Answer: BE
Only B and E make sense to me. Why should I disable SSL decryption for ALL?
upvoted 2 times
Guizado
9 months, 3 weeks ago
Selected Answer: ABE
A, B and E I think. Choice E is not compatible with C: if you are disabling all SSL decryption you don't need a no decrypt rule, plus you also wouldn't need to move the policy to the top.
upvoted 4 times
TeachTrooper
4 months, 3 weeks ago
Answer A says action decrypt, not no-decrypt. And you think of all the answers together, you have to think of each answer as a specific action, so to speak.
upvoted 1 times
betko
10 months ago
Selected Answer: BCE
I think B, C and E.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other