Palo Alto Networks System Engineer – Strata — Question 10

What two types of traffic should you exclude from a decryption policy? (Choose two.)

Answer options

• A. All Business and regulatory traffic
• B. All outbound traffic
• C. All Mutual Authentication traffic
• D. All SSL/TLS 1.3 traffic

Correct answer: A, C

Explanation

Options A and C are correct because business and regulatory traffic, as well as Mutual Authentication traffic, often contain sensitive information that should not be decrypted for compliance and security reasons. Options B and D are incorrect, as excluding all outbound traffic or merely SSL/TLS 1.3 traffic does not adequately address the need to protect critical transaction types.