During the implementation of SSL Forward Proxy decryption, an administrator imports the company’s Enterprise Root CA and Intermediate CA certificates onto the firewall. The company’s Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise CA chain of trust are signed by the company’s Intermediate CA.
Which method should the administrator use when creating Forward Trust and Forward Untrust certificates on the firewall for use with decryption?

A. Generate two subordinate CA certificates, one for Forward Trust and one for Forward Untrust.

B. Generate a CA certificate for Forward Trust and a self-signed CA for Forward Untrust.

C. Generate a single subordinate CA certificate for both Forward Trust and Forward Untrust.

D. Generate a single self-signed CA certificate for Forward Trust and another for Forward Untrust.








 

Suggested Answer: B



This question is in PCNSE Palo Alto Networks Certified Network Security Engineer Exam
For getting Palo Alto Networks Certified Network Security Engineer (PCNSE) Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Palo Alto Networks.
Trademarks, certification & product names are used for reference only and belong to Palo Alto Networks.
The website does not contain actual questions and answers from Palo Alto Networks's Certification Exams.