Palo Alto Networks System Engineer – SASE — Question 11
Users connect to a server in the data center for file sharing. The organization wants to decrypt the traffic to this server in order to scan the files being uploaded and downloaded to determine if malware or sensitive data is being moved by users.
Which proxy should be used to decrypt this traffic?
Answer options
- A. SCP Proxy
- B. SSL Inbound Proxy
- C. SSH Forward Proxy
- D. SSL Forward Proxy
Correct answer: D
Explanation
The correct answer is D, SSL Forward Proxy, as it is specifically designed to decrypt SSL/TLS traffic to inspect the contents. Options A and C are not applicable as they relate to different protocols (SCP and SSH, respectively), while option B does not focus on outbound traffic decryption, making it unsuitable for this scenario.