Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 249

An organization wishes to roll out decryption but gets some resistance from engineering leadership regarding the guest network.
What is a common obstacle for decrypting traffic from guest devices?

Answer options

• A. Guest devices may not trust the CA certificate used for the forward trust certificate
• B. Guests may use operating systems that can't be decrypted
• C. The organization has no legal authority to decrypt their traffic
• D. Guest devices may not trust the CA certificate used for the forward untrust certificate

Correct answer: A

Explanation

The correct answer is A because guest devices often do not recognize or trust the Certificate Authority (CA) certificate necessary for establishing a secure connection, which is essential for decryption. Option B is incorrect as most operating systems can be configured to allow decryption. Option C is also wrong because most organizations have the legal authority to decrypt traffic, especially within their own networks. Lastly, option D is incorrect as it refers to a different certificate trust relationship that is not directly relevant to the challenge of decryption.