NETSEC-GENERALIST · Question #22
NETSEC-GENERALIST Question #22: Real Exam Question with Answer & Explanation
The correct answer is A: Validate which certificates will be used to establish trust.. To successfully monitor and control IT-sanctioned SaaS applications, decryption policies must be configured, along with Data Filtering and URL Filtering Profiles in Security Policies. Why These Two Steps Are Necessary? Validate which certificates will be used to establish trust (
Question
A company has an ongoing initiative to monitor and control IT-sanctioned SaaS applications. To be successful, it will require configuration of decryption policies, along with data filtering and URL Filtering Profiles used in Security policies. Based on the need to decrypt SaaS applications, which two steps are appropriate to ensure success? (Choose two.)
Options
- AValidate which certificates will be used to establish trust.
- BConfigure SSL Forward Proxy.
- CCreate new self-signed certificates to use for decryption.
- DConfigure SSL Inbound Inspection.
Explanation
To successfully monitor and control IT-sanctioned SaaS applications, decryption policies must be configured, along with Data Filtering and URL Filtering Profiles in Security Policies. Why These Two Steps Are Necessary? Validate which certificates will be used to establish trust ( Correct) When configuring SSL decryption, the firewall must establish trust between endpoints and the proxy certificate. This involves deploying a trusted root certificate to internal user devices to avoid SSL/TLS Configure SSL Forward Proxy ( Correct) SSL Forward Proxy is required for decrypting outbound HTTPS traffic to SaaS applications. It allows policy enforcement on SaaS-bound traffic, including URL filtering, data filtering, and application control.
Topics
Community Discussion
No community discussion yet for this question.