Exam PCNSE topic 1 question 89 discussion

A,C,D are all correct for this question: Depending on your needs, create Decryption profiles to: Block sessions based on certificate status, including blocking sessions with >>>expired certificates, >>>untrusted issuers, unknown certificate status, certificate status check timeouts, and certificate extensions. Block sessions with >>>unsupported versions and cipher suites, and that require using client authentication.

A and C, checked on an actual firewall, those are the only settings in NO DECRYPT.

Here is the documentation for A and D. https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/decryption/decryption-concepts/no-decryption-decryption-profile#id185BA08H0PP

A and D are correct. "No Decryption" is the Keyword of this question. There are following 2 items in the Server Certificate Verification in the No Decryption configuration. - Block sessions with expired certificates - Block sessions with untrusted issuers

A and D correct

V as well

A C & D are correct based on https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/define-traffic-to-decrypt/create-a-decryption-profile

Not sure about this question, as the URL below says this: Block sessions based on certificate status, including blocking sessions with expired certificates, untrusted issuers, unknown certificate status, certificate status check timeouts, and certificate extensions. Block sessions with unsupported versions and cipher suites, and that require using client authentication. So theoretically A, C, and D seem to be correct, but we only need to chose 2?

A & D are the correct options.

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/define-traffic-to-decrypt/create-a-decryption-profile