Exam PCNSC topic 1 question 37 discussion

Actual exam question from Palo Alto Networks's PCNSC

Question #: 37
Topic #: 1

SSL Forward Proxy decryption is enabled on the firewall. When clients use Chrome to browse to HTTPS sites, the firewall returns the Forward Trust certificate, even when accessing websites with invalid certificates. The clients need to be presented with a browser warning error with the option to proceed to websites with invalid certificates.
Which two options will satisfy this requirement? (Choose two.)

A. Create a PKI signed Forward Untrust enabled certificate.
B. Create a self-signed Forward Untrust enabled certificate.
C. Create a Decryption Profile with the “Block sessions with expired certificates” option enabled.
D. Remove the Forward Untrust option from the Forward Trust certificate.

Show Suggested Answer

Suggested Answer: AB 🗳️

by Djonzi at March 12, 2025, 11:05 a.m.

Comments

Submit Cancel

dosce

3 days, 18 hours ago

Selected Answer: BC

The question say "Waring browsing" so option C es not correct, Option a is not really the best option because is only chain of trust topic, so B and D is the correct

upvoted 1 times

...

samir111

1 month, 2 weeks ago

Selected Answer: BC

B. Create a self-signed Forward Untrust enabled certificate. C. Create a Decryption Profile with the “Block sessions with expired certificates” option enabled.

upvoted 1 times

Djonzi

1 month, 2 weeks ago

Wrong because of this requirement: "The clients need to be presented with a browser warning error with the option to proceed to websites with invalid certificates."

upvoted 1 times

...

Djonzi

1 month, 2 weeks ago

Selected Answer: BD

Must be self signed and Forwards Trust cert shouldn't be se as Untrust as ewll

upvoted 2 times

...

Exam PCNSC All Questions

View all questions & answers for the PCNSC exam

Exam PCNSC topic 1 question 37 discussion

Comments

dosce

samir111

Djonzi

Djonzi

SY0-701