Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 323

The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such.
The admin has not yet installed the root certificate onto client systems.
What effect would this have on decryption functionality?

Answer options

• A. Decryption will not function because self-signed root certificates are not supported
• B. Decryption will function, but users will see certificate warnings for each SSL site they visit
• C. Decryption will not function until the certificate is installed on client systems
• D. Decryption will function, and there will be no effect to end users

Correct answer: B

Explanation

The correct answer is B because when a self-signed root certificate is used without installation on client systems, it leads to certificate warnings for users accessing SSL sites. Options A and C are incorrect because self-signed certificates can work, and decryption can still occur even if the certificate is not installed. Option D is wrong as users will indeed experience warnings.