Exam PCNSC topic 1 question 37 discussion

Actual exam question from Palo Alto Networks's PCNSC

Question #: 37
Topic #: 1

SSL Forward Proxy decryption is enabled on the firewall. When clients use Chrome to browse to HTTPS sites, the firewall returns the Forward Trust certificate, even when accessing websites with invalid certificates. The clients need to be presented with a browser warning error with the option to proceed to websites with invalid certificates.
Which two options will satisfy this requirement? (Choose two.)

A. Create a PKI signed Forward Untrust enabled certificate.
B. Create a self-signed Forward Untrust enabled certificate.
C. Create a Decryption Profile with the “Block sessions with expired certificates” option enabled.
D. Remove the Forward Untrust option from the Forward Trust certificate.

Show Suggested Answer

Suggested Answer: AB 🗳️

by Djonzi at March 12, 2025, 11:05 a.m.

Comments

Submit Cancel

samir111

2 weeks, 3 days ago

Selected Answer: BC

B. Create a self-signed Forward Untrust enabled certificate. C. Create a Decryption Profile with the “Block sessions with expired certificates” option enabled.

upvoted 1 times

Djonzi

2 weeks, 3 days ago

Wrong because of this requirement: "The clients need to be presented with a browser warning error with the option to proceed to websites with invalid certificates."

upvoted 1 times

...

Djonzi

3 weeks, 1 day ago

Selected Answer: BD

Must be self signed and Forwards Trust cert shouldn't be se as Untrust as ewll

upvoted 1 times

...

Exam PCNSC All Questions

View all questions & answers for the PCNSC exam

Exam PCNSC topic 1 question 37 discussion

Comments

samir111

Djonzi

Djonzi

SY0-701