ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 183 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 183
Topic #: 1
[All PCNSE Questions]

A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (CAs): i. Enterprise-Trusted-CA, which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system.) ii. Enterprise-Untrusted-CA, which is verified as Forward Untrust Certificate iii. Enterprise-Intermediate-CA iv. Enterprise-Root-CA, which is verified only as Trusted Root CA
An end-user visits https://www.example-website.com/ with a server certificate Common Name (CN): www.example-website.com. The firewall does the SSL
Forward Proxy decryption for the website and the server certificate is not trusted by the firewall.
The end-user's browser will show that the certificate for www. example-website.com was issued by which of the following?

  • A. Enterprise-Trusted-CA which is a self-signed CA
  • B. Enterprise-Root-CA which is a self-signed CA
  • C. Enterprise-Intermediate-CA which was, in turn, issued by Enterprise-Root-CA
  • D. Enterprise-Untrusted-CA which is a self-signed CA
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Marcyy at Dec. 9, 2021, 11:40 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
homersimpson
Highly Voted 3 years ago
Selected Answer: D
D is the answer.
upvoted 5 times
...
Marcyy
Highly Voted 3 years, 1 month ago
Should be D.
upvoted 5 times
...
Marshpillowz
Most Recent 11 months, 4 weeks ago
Selected Answer: D
D is correct
upvoted 1 times
...
TAKUM1y
2 years, 3 months ago
Selected Answer: D
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/configure-ssl-forward-proxy
upvoted 1 times
...
UFanat
2 years, 7 months ago
Selected Answer: D
Enterprise-Trusted-CA is installed in the trusted store of the end-user browser and system. So it should not lead to any certificate issue. The most possible that www.example-website.com is signed by not trusted certificate authority which leads to use Enterprise-Untrusted-CA, which is not trusted as well
upvoted 3 times
...
AbuHussain
2 years, 10 months ago
Selected Answer: D
D is the answer
upvoted 1 times
...
GivemeMoney
3 years ago
Selected Answer: D
D. Enterprise-Untrusted-CA which is a self-signed CA
upvoted 3 times
...
Micutzu
3 years, 1 month ago
D is correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel