Exam PCNSE topic 1 question 57 discussion

wouldn't the only correct answer be B? Must be a CA to be used. must have private key also. can be a root but doesnt have to be.... so that only leaves B as correct answer? anyone? as far as i know you cant use public certs for decryption? so cant be A

B can be used. It's true that its not checked as trusted root, but its parent cert is (domain root cert).

Correct answer is B

B is correct as both CA and Key options need to be selected/enabled.

Aside from requiring it to be a CA, you'll notice that answer C uses a hyphen but the cert name has an underscore.

My vote is for C. https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/decryption/configure-ssl-forward-proxy In Step 4 of the Use a self-signed certificate as the Forward Trust certificate, which is titled "Generate new subordinate CA certificates for each firewall" it follows with 5. "Click the new certificate to modify it and click the Forward Trust Certificate checkbox to configure the certificate as the Forward Trust Certificate". The CA box is only necessary to be checked for the Intermediate key. It is the cert created from the Intermediate CA that is used as the Forward Trust cert.

There is no key on the D. The question is "can be used", not "is used". We only need to click on the certificate, then check the box " Forward trust Certificate". Only B is correct.

This is not a valid question. Forward-Trusted Cert has to be configured, otherwise you can't even commit.

B should be wrong because their usage is empty AC does not have CA

B is a correct one

B is correct answer

B is correct

B is correct answer

B is correct answer