Subject Common Name (CN) and Validity Period are the only required attributes.
That is a very poor question. Still, I would go for BD, is the best option
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/decryption-concepts/ssl-inbound-inspection
"On the firewall, you must install the certificate and private key for each server for which you want to perform SSL Inbound Inspection"
While SANs are commonly recommended and may be required by modern browsers to avoid warnings, the Palo Alto documentation does not list SAN as a required attribute for SSL Inbound Inspection to function.
SAN (subject alternative name) is required these days on all major browsers otherwise browsers throw and error. Even if the CN field matches, browsers require SAN to match the inbound server URL.
I have never seen an exam written as bad as PCNSE. You need to have a server certificate with its private key to perform SSL Inbound Inspection. You can define SANs but they are not mandatory (in fact, you could deploy SSL Inbound Inspection WITHOUT defining any SAN).
Question is poorly worded however keep in mind that: Option D subject alternative name is irrelevant, this is only needed when one cert needs to cover multiple websites. For inbound decryption, you need the server certificate for the site and its private key.
On the firewall, you must install the certificate and private key for each server for which you want to perform SSL Inbound Inspection. The firewall validates that the certificate sent by the targeted server during the SSL/TLS handshake matches a certificate in your Decryption policy rule. If there is a match, the firewall forwards the server's certificate to the client requesting server access and establishes a secure connection.
B and C as You can upload the server certificate and private key alone to the firewall if your web server supports only TLS 1.2 and the RSA key exchange algorithm and the server’s certificate chain (if the leaf certificate is signed by intermediate certificates) is installed on the server. SSL Inbound Inspection discusses each case in more detail.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-inbound-inspection
Poorly worded question but I say C because usually the intention of the question is not to be so tricky and shady. In our scenario there is no known requirement for SAN, so I'm thinking to not focus so specifically on the word attributes. The cert *must* have a private key and would need to support server authentication. I understand why many are suggesting D though due to the specific attribute verbiage.
So which answer did you choose? Are we to choose the right answers (corrected by the users), or the wrong answers (provided by exam topics) on the exam to get it right?
This section is not available anymore. Please use the main Exam Page.PCNSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Alen
Highly Voted 2 years, 9 months agoRaaf_NL
1 year, 7 months agoALCOSTA35
8 months, 2 weeks agoTAKUM1y
Highly Voted 2 years, 9 months agoaf67d32
Most Recent 3 weeks, 1 day agoGrupalia1925
1 month, 1 week agoDarkBot
1 month, 2 weeks agoRedheidoo
3 months, 2 weeks agodivi1
3 months, 4 weeks agoCarlosDV06
6 months, 3 weeks agodivi1
3 months, 4 weeks ago62c930f
8 months, 3 weeks agoYohinar
9 months ago362c603
10 months agoBau24
1 year agoMostafaNawar
1 year, 3 months agoJared28
1 year, 5 months agoJRKhan
1 year, 7 months agoomgt2k2
1 year, 7 months agoscanossa
1 year, 7 months ago428cd48
1 year, 4 months ago