Summer Special Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: vce65

SSL Forward Proxy decryption is configured, but the firewall uses Untrusted-CA to sign the website...

  1. Home
  2. Paloalto Networks
  3. Palo Alto Certifications and Accreditations
  4. PCNSE
  5. PCNSE Questions
  6. Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0 Practice Questions

SSL Forward Proxy decryption is configured, but the firewall uses Untrusted-CA to sign the website https://www.important-website.com certificate. End-users are receiving the "security certificate is not trusted" warning. Without SSL decryption, the web browser shows that the website certificate is trusted and signed by a well-known certificate chain Well-Known-Intermediate and Well-Known-Root-CA. The network security administrator who represents the customer requires the following two behaviors when SSL Forward Proxy is enabled:

End-users must not get the warning for the https://www.very-important-website.com/ website

End-users should get the warning for any other untrusted websiteWhich approach meets the two customer requirements?

A.

Install the Well-Known-Intermediate-CA and Well-Known-Root-CA certificates on all end-user systems in the user and local computer stores

B.

Clear the Forward Untrust Certificate check box on the Untrusted-CA certificate and commit the configuration

C.

Navigate to Device > Certificate Management > Certificates > Default Trusted Certificate Authorities, import Well-Known-Intermediate-CA and Well-Known-Root-CA, select the Trusted Root CA check box, and commit the configuration

D.

Navigate to Device > Certificate Management > Certificates > Device Certificates, import Well-Known-Intermediate-CA and Well-Known-Root-CA, select the Trusted Root CA check box, and commit the configuration

Paloalto Networks PCNSE View All Questions

Paloalto Networks PCNSE Summary

  • Vendor: Paloalto Networks
  • Product: PCNSE
  • Update on: Aug 19, 2025
  • Questions: 374
Price: $52.5  $149.99
Buy Now PCNSE PDF + Testing Engine Pack
Next
An administrator is informed that the engineer who previously managed all the VPNs has left...
Which two methods can be configured to validate the revocation status of a certificate?
Previous

Payments We Accept

Your purchase with ExamsVCE is safe and fast. Your products will be available for immediate download after your payment has been received.
The ExamsVCE website is protected by 256-bit SSL from McAfee, the leader in online security.

examsvce payment method

Contact Us

Copyright © 2013-2025 examsvce.com. All Rights Reserved
mcafee secure

TESTED 19 Aug 2025