Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 424
An administrator has been tasked with deploying SSL Forward Proxy.
Which two types of certificates are used to decrypt the traffic? (Choose two.)
Answer options
- A. Device certificate
- B. Subordinate CA from the administrator’s own PKI infrastructure
- C. Self-signed root CA
- D. External CA certificate
Correct answer: B, C
Explanation
The correct answers are B and C because a subordinate CA from the administrator’s own PKI infrastructure and a self-signed root CA are essential for traffic decryption in SSL Forward Proxy. The other options, such as Device certificate and External CA certificate, do not provide the required capabilities for decrypting the traffic in this context.