Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
A.
Create a no-decrypt Decryption Policy rule.
B.
Configure a Dynamic Address Group for untrusted sites.
C.
Create a Security Policy rule with a vulnerability Security Profile attached.
D.
Enable the ג€Block sessions with untrusted issuersג€ setting.
A and D are correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/decryption-concepts/no-decryption-decryption-profile
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.PCNSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
TAKUM1y
Highly Voted 2 years agoMarshpillowz
Most Recent 9 months, 1 week agoDenskyDen
1 year, 9 months agolol12
2 years agoCCIE5592
2 years, 1 month ago