B and D are mandatory (server's certificate and private key + decryption policy). C decryption profile is not mandatory but is highly recommended. Even when you set up SSL Inbound Inspection policy, certificate setting is highlighted in red framing meaning it's mandatory, while decryption profile setting in the policy does NOT have red framing, meaning that it's not mandatory. So the syntax of this question and provided options for answers are not really 100% correct.
Definetly B and D, but a Decryption Profile is not necessary: "Although Decryption profiles are optional, it is best to include a Decryption profile with each Decryption policy rule to prevent weak, vulnerable protocols and algorithms from allowing questionable traffic on your network". The questions asks for necessary components.
BCD
Use SSL Inbound Inspection to decrypt and inspect inbound SSL traffic destined for a network server (you can perform SSL Inbound Inspection for any server if you load the server certificate onto the firewall). With an SSL Inbound Inspection Decryption policy enabled, the firewall decrypts all SSL traffic identified by the policy to clear text traffic and inspects it. The firewall blocks, restricts, or allows the traffic based on the Decryption profile attached to the policy and the Security policy that applies to the traffic, including any configured Antivirus, Vulnerability Protection, Anti-Spyware, URL Filtering, and File Blocking profiles.
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/configure-ssl-inbound-inspection
Configuring SSL Inbound Inspection includes:
- Installing the targeted server certificate on the firewall.
- Creating an SSL Inbound Inspection Decryption policy rule.
- Applying a Decryption profile to the policy rule.
This section is not available anymore. Please use the main Exam Page.PCNSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Marshpillowz
9 months agoMetgatz
10 months, 2 weeks agoAndromeda1800
10 months, 3 weeks agoEiffelsturm
11 months agoMHy2k
1 year, 1 month agoMarbot
1 year, 8 months agoDenskyDen
1 year, 8 months agodroide
1 year, 8 months agodjedeen
1 year, 10 months agoMaryamk
1 year, 10 months agojuangsap
1 year, 10 months agoevdw
1 year, 10 months ago