Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 356
Your company wants greater visibility into their traffic and has asked you to start planning an SSL Decryption project. The company does not have a PKI infrastructure, and multiple certificates would be needed for this project. Which type of certificate can you use to generate other certificates?
Answer options
- A. self-signed root CA
- B. external CA certificate
- C. server certificate
- D. device certificate
Correct answer: A
Explanation
The correct answer is A, as a self-signed root CA can issue and manage multiple certificates within an organization, enabling SSL decryption. Options B, C, and D cannot generate other certificates; an external CA certificate is issued by a third party, a server certificate is for specific servers, and a device certificate is typically tied to individual devices.