ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PSE-SASE All Questions

View all questions & answers for the PSE-SASE exam
Go to Exam

Exam PSE-SASE topic 1 question 25 discussion

Actual exam question from Palo Alto Networks's PSE-SASE
Question #: 25
Topic #: 1
[All PSE-SASE Questions]

Users connect to a server in the data center for file sharing. The organization wants to decrypt the traffic to this server in order to scan the files being uploaded and downloaded to determine if malware or sensitive data is being moved by users.
Which proxy should be used to decrypt this traffic?

  • A. SCP Proxy
  • B. SSL Inbound Proxy
  • C. SSH Forward Proxy
  • D. SSL Forward Proxy
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Normio at Feb. 10, 2023, 11:14 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Normio
Highly Voted 2 years, 6 months ago
SSL Inbound Proxy ecryption mode can only work if you have control on the targeted Web Server certificate to be allow to import Key Pair on Palo Alto Networks Device. That's why this decryption mode is often use to decrypt SSL inbound traffic to Internal Web Server. Since in the question they talk about IN THE DATA CENTER, it needs to be this one. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV8CAK
upvoted 5 times
...
7d801bf
Most Recent 1 month ago
Selected Answer: B
SSL inbound inspection is the correct one.
upvoted 1 times
...
ArangoTopics
12 months ago
Selected Answer: D
SSL Inbound inspection not even exist. The decryption on this scenario it's applied to users when they access to the server.
upvoted 1 times
...
Doobiedoo
1 year, 1 month ago
Selected Answer: D
The real answer is "SSL Forward Proxy" on the Mobile User policy, for two reasons. 1) SSL Inbound Proxy is not a real thing. It is SSL Inbound Inspection, and it does not PROXY any connections; the client connects directly to the server and there is no man-in-the-middle proxy from the firewall. 2) The question mentions "DC/datacenter" and with Prisma Access you will have these deployed as Service Connections 99% of the time. Service Connections do not support policies like decryption, nat, and security.
upvoted 2 times
...
sov4
1 year, 3 months ago
Selected Answer: D
D. SSL Forward Proxy. SSL inbound proxy isnt a thing... it's SSL inbound inspection.
upvoted 1 times
...
JohnPalo
1 year, 5 months ago
Selected Answer: D
Since it's referring to internal users and SC-CAN do not enforce security, it would be SSL outbound proxy, that hits the users connecting from remote networks or as Mobile Users.
upvoted 2 times
...
Pretorian
2 years, 4 months ago
Selected Answer: B
Choosing "B" although SSL Inbound INSPECTION is not a proxy.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel