Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 158
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)
Answer options
- A. the web server requires mutual authentication
- B. the website matches a category that is not allowed for most users
- C. the website matches a high-risk category
- D. the website matches a sensitive category
Correct answer: A, D
Explanation
The correct answers, A and D, highlight scenarios where SSL decryption is inappropriate due to security protocols or the sensitivity of the data being transmitted. Option B is incorrect because categorization alone does not necessitate a 'No Decrypt' action, and C is incorrect since high-risk categories can still be decrypted depending on the security policy.