Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 605
A firewall administrator has confirmed reports that a website is not displaying as expected and wants to ensure that decryption is not causing the issue.
Which three methods can the administrator use to determine if decryption is causing the website to fail? (Choose three.)
Answer options
- A. Move the policy with action decrypt to the top of the decryption policy rulebase.
- B. Investigate decryption logs of the specific traffic to determine reasons for failure.
- C. Temporarily disable SSL decryption for all websites to troubleshoot the issue.
- D. Disable SSL handshake logging.
- E. Create a policy-based "No Decrypt" rule in the decryption policy to exclude specific traffic from decryption.
Correct answer: B, C, E
Explanation
Option B is correct because the decryption logs for the affected traffic show the reasons for any decryption failure. Option C is also valid: temporarily disabling SSL decryption helps isolate whether decryption is the root cause of the problem. Option E lets the specific traffic bypass decryption, which is useful for troubleshooting because the site can then be tested without decryption. Options A and D do not directly aid in determining the cause of the website failure.