Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 340

An engineer is configuring secure web access (HTTPS) to a Palo Alto Networks firewall for management.

Which profile should be configured to ensure that management access via web browsers is encrypted with a trusted certificate?

Answer options

• A. A Certificate profile should be configured with a trusted root CA
• B. An SSL/TLS Service profile should be configured with a certificate assigned.
• C. An Interface Management profile with HTTP and HTTPS enabled should be configured.
• D. An Authentication profile with the allow list of users should be configured.

Correct answer: B

Explanation

The correct answer is B because the SSL/TLS Service profile specifically handles the encryption and is responsible for assigning the required certificate for secure management access. Option A is incorrect as it only involves a Certificate profile and does not directly relate to SSL/TLS settings, while options C and D do not provide the necessary encryption functionalities for HTTPS access.