ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 323 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 323
Topic #: 1
[All PCNSE Questions]

An organization wishes to roll out decryption but gets some resistance from engineering leadership regarding the guest network.
What is a common obstacle for decrypting traffic from guest devices?

  • A. Guest devices may not trust the CA certificate used for the forward trust certificate
  • B. Guests may use operating systems that can't be decrypted
  • C. The organization has no legal authority to decrypt their traffic
  • D. Guest devices may not trust the CA certificate used for the forward untrust certificate
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by bimyo at Oct. 3, 2022, 7:50 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NullNull88
3 days, 11 hours ago
Selected Answer: C
Anytime you're being a creep and Snooping on anything be careful,.. Anytime you violate someone's basic civil rights or reasonable right to privacy you should probably talk to a lawyer,.. Anytime you do anything sketchy consult a lawyer
upvoted 1 times
...
123XYZT
8 months, 1 week ago
C: Prepare updated legal and HR computer usage policies to distribute to all employees, contractors, partners, guests, and any other network users so that when you roll out decryption, users understand their data can be decrypted and scanned for threats.
upvoted 1 times
...
123XYZT
8 months, 1 week ago
I think is C, you could use a root certificate, like one from Godaddy and the guest device will trust it.
upvoted 2 times
...
TAKUM1y
2 years, 3 months ago
https://docs.paloaltonetworks.com/best-practices/10-2/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment
upvoted 2 times
...
TAKUM1y
2 years, 3 months ago
Selected Answer: A
https://live.paloaltonetworks.com/t5/general-topics/decrypt-guest-network-traffic/td-p/119388
upvoted 3 times
...
hpbdcb
2 years, 4 months ago
for germany it is 100% C !
upvoted 3 times
Jared28
11 months, 3 weeks ago
Definitely A but yeah, C could absolutely be true depending on the laws in the region the firewall is in.
upvoted 1 times
...
...
datz
2 years, 4 months ago
Selected Answer: A
I would say answer is A, Guests will be accepting the Policy/Guidelines of using yr Internet, so not really an obsticle Similarly to BYOD devices, enterprises don’t control guest devices. If you allow guest devices on your network, decrypt their traffic and subject it to the same Security policy that you apply to other network traffic. To do this, redirect guest users through an Authentication Portal, instruct them how to download and install the CA certificate, and clearly notify users that their traffic will be decrypted. Include the process in your company’s privacy and computer usage policy.
upvoted 2 times
...
bimyo
2 years, 4 months ago
Not really clear here, it seems it could be A or C https://docs.paloaltonetworks.com/best-practices/10-2/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago