NETSEC-GENERALIST · Question #24
Which NGFW function can be used to enhance visibility, protect, block, and log the use of Post- quantum Cryptography (PQC)?
The correct answer is B. Decryption policy. Post-quantum Cryptography (PQC) involves new key exchange algorithms (e.g., CRYSTALS-Kyber) embedded within TLS handshakes. Because PQC manifests at the TLS layer, the Decryption policy is the correct control point to gain visibility into, block, or allow traffic that uses PQC ci
Question
Which NGFW function can be used to enhance visibility, protect, block, and log the use of Post- quantum Cryptography (PQC)?
Options
- ADNS Security profile
- BDecryption policy
- CSecurity policy
- DDecryption profile
How the community answered
(28 responses)- B93% (26)
- C4% (1)
- D4% (1)
Explanation
Post-quantum Cryptography (PQC) involves new key exchange algorithms (e.g., CRYSTALS-Kyber) embedded within TLS handshakes. Because PQC manifests at the TLS layer, the Decryption policy is the correct control point to gain visibility into, block, or allow traffic that uses PQC cipher suites or key exchange mechanisms. Decryption policies govern which TLS sessions are inspected and can be configured to act on specific TLS attributes-including PQC-related ones-and produce log entries for each matched session. A Decryption profile (option D) only defines SSL/TLS inspection parameters applied within a decryption policy; it cannot independently enforce or log PQC usage. DNS Security profiles and Security policies do not operate at the TLS negotiation layer where PQC is detectable.
Topics
Community Discussion
No community discussion yet for this question.