A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (CAs): i. Enterprise-Trusted-CA, which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system.) ii. Enterprise-Untrusted-CA, which is verified as Forward Untrust Certificate iii. Enterprise-Intermediate-CA iv. Enterprise-Root-CA, which is verified only as Trusted Root CA An end-user visits https://www.example-website.com/ with a server…

QuestionsCategory: PCNSEA firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (CAs): i. Enterprise-Trusted-CA, which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system.) ii. Enterprise-Untrusted-CA, which is verified as Forward Untrust Certificate iii. Enterprise-Intermediate-CA iv. Enterprise-Root-CA, which is verified only as Trusted Root CA An end-user visits https://www.example-website.com/ with a server…
Admin Staff asked 3 months ago
A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (CAs): i. Enterprise-Trusted-CA, which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system.) ii. Enterprise-Untrusted-CA, which is verified as Forward Untrust Certificate iii. Enterprise-Intermediate-CA iv. Enterprise-Root-CA, which is verified only as Trusted Root CA
An end-user visits https://www.example-website.com/ with a server certificate Common Name (CN): www.example-website.com. The firewall does the SSL
Forward Proxy decryption for the website and the server certificate is not trusted by the firewall.
The end-user's browser will show that the certificate for www. example-website.com was issued by which of the following?

A. Enterprise-Trusted-CA which is a self-signed CA

B. Enterprise-Root-CA which is a self-signed CA

C. Enterprise-Intermediate-CA which was, in turn, issued by Enterprise-Root-CA

D. Enterprise-Untrusted-CA which is a self-signed CA








 

Suggested Answer: D



This question is in PCNSE Palo Alto Networks Certified Network Security Engineer Exam
For getting Palo Alto Networks Certified Network Security Engineer (PCNSE) Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Palo Alto Networks.
Trademarks, certification & product names are used for reference only and belong to Palo Alto Networks.
The website does not contain actual questions and answers from Palo Alto Networks's Certification Exams.

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.