Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 504

An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications
DNS, SSL, and web-browsing.
The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.
Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?

Answer options

• A. Create a decryption rule matching the encrypted BitTorrent traffic with action ג€No-Decrypt,ג€ and place the rule at the top of the Decryption policy.
• B. Create a Security policy rule that matches application ג€encrypted BitTorrentג€ and place the rule at the top of the Security policy.
• C. Disable the exclude cache option for the firewall.
• D. Create a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the decryption rule.

Correct answer: D

Explanation

The correct answer is D because creating a Decryption Profile that blocks unsupported ciphers will prevent encrypted BitTorrent traffic from being decrypted as SSL. Option A would not affect the classification of traffic if it is already decrypted, while option B does not address the decryption issue, and option C is unrelated to the SSL decryption process.