Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 555
Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a `No Decrypt` action? (Choose two.)
Answer options
- A. Block sessions with expired certificates
- B. Block sessions with client authentication
- C. Block sessions with unsupported cipher suites
- D. Block sessions with untrusted issuers
- E. Block credential phishing
Correct answer: A, D
Explanation
The correct answers, A and D, highlight the profile's ability to block sessions that have expired certificates and those from untrusted issuers, ensuring security. The other options do not align with the primary function of a Decryption Profile in a `No Decrypt` context, as they address different aspects of session management and security.