Palo Alto Networks System Engineer – Strata — Question 38

Which two of the following does decryption broker provide on a NGFW? (Choose two.)

Answer options

• A. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once
• B. Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement
• C. Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement
• D. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times

Correct answer: A, B

Explanation

The correct answers are A and B because the decryption broker indeed offloads SSL decryption to the Palo Alto Networks next-generation firewall and does so only once, which simplifies the process. Option C is incorrect as it contradicts the functionality of reducing the need for third-party devices, and option D is wrong because the decryption broker does not decrypt traffic multiple times.