Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 459

Which two actions must an engineer take to configure SSL Forward Proxy decryption? (Choose two.)

Answer options

• A. Configure the decryption profile.
• B. Configure SSL decryption rules.
• C. Define a Forward Trust Certificate.
• D. Configure a SSL / TLS service profile.

Correct answer: B, C

Explanation

To enable SSL Forward Proxy decryption, it is essential to configure SSL decryption rules (B) to dictate how traffic should be decrypted and to define a Forward Trust Certificate (C) to establish a trusted connection with clients. The other options, while related to SSL configuration, do not directly pertain to the core requirements for SSL Forward Proxy decryption.