Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 101

If an administrator wants to decrypt SMTP traffic and possesses the server's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?

Answer options

• A. TLS Bidirectional Inspection
• B. SSL Inbound Inspection
• C. SSH Forward Proxy
• D. SMTP Inbound Decryption

Correct answer: B

Explanation

The correct answer is B, SSL Inbound Inspection, because it allows decryption of traffic coming into a server using its certificate. The other options are not suitable for this specific scenario; A applies to bidirectional traffic, C pertains to SSH traffic, and D specifically addresses SMTP decryption but does not utilize the server's certificate.