Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 201

If an administrator does not possess a website's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?

Answer options

• A. SSL Forward Proxy
• B. SSL Inbound Inspection
• C. SSL Reverse Proxy
• D. SSL Outbound Inspection

Correct answer: A

Explanation

The correct answer is A, SSL Forward Proxy, which allows the firewall to decrypt and inspect traffic to HTTPS sites without needing the server's certificate. The other options, such as SSL Inbound Inspection and SSL Reverse Proxy, are designed for different scenarios where the certificate is available or applicable, thus making them unsuitable in this context.