Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 470

An administrator has a Palo Alto Networks NGFW. All security subscriptions and decryption are enabled and the system is running close to its resource limits.

Knowing that using decryption can be resource-intensive, how can the administrator reduce the load on the firewall?

Answer options

• A. Use SSL Forward Proxy instead of SSL Inbound Inspection for decryption.
• B. Use RSA instead of ECDSA for traffic that isn’t sensitive or high-priority.
• C. Use the highest TLS protocol version to maximize security.
• D. Use ECDSA instead of RSA for traffic that isn’t sensitive or high-priority.

Correct answer: B

Explanation

Choosing RSA over ECDSA for traffic that is not sensitive or high-priority can lighten the resource burden on the firewall, as RSA is generally less intensive in terms of processing. The other options either do not address the resource issue effectively or could potentially increase the resource load, making them less suitable for this situation.