Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 363
An administrator is configuring SSL decryption and needs to ensure that all certificates for both SSL Inbound inspection and SSL Forward Proxy are installed properly on the firewall.
When certificates are being imported to the firewall for these purposes, which three certificates require a private key? (Choose three.)
Answer options
- A. Forward Untrust certificate
- B. Enterprise Root CA certificate
- C. Forward Trust certificate
- D. End-entity (leaf) certificate
- E. Intermediate certificate(s)
Correct answer: A, C, D
Explanation
The Forward Untrust certificate, Forward Trust certificate, and End-entity (leaf) certificate require a private key because they are involved in the actual encryption and decryption process. The Enterprise Root CA certificate and Intermediate certificate(s) are typically used for establishing trust and do not require a private key for installation on the firewall.