nerdexam
Palo_Alto_Networks

NETSEC-GENERALIST · Question #24

Which NGFW function can be used to enhance visibility, protect, block, and log the use of Post- quantum Cryptography (PQC)?

The correct answer is B. Decryption policy. Post-quantum Cryptography (PQC) involves new key exchange algorithms (e.g., CRYSTALS-Kyber) embedded within TLS handshakes. Because PQC manifests at the TLS layer, the Decryption policy is the correct control point to gain visibility into, block, or allow traffic that uses PQC ci

Decryption

Question

Which NGFW function can be used to enhance visibility, protect, block, and log the use of Post- quantum Cryptography (PQC)?

Options

  • ADNS Security profile
  • BDecryption policy
  • CSecurity policy
  • DDecryption profile

How the community answered

(28 responses)
  • B
    93% (26)
  • C
    4% (1)
  • D
    4% (1)

Explanation

Post-quantum Cryptography (PQC) involves new key exchange algorithms (e.g., CRYSTALS-Kyber) embedded within TLS handshakes. Because PQC manifests at the TLS layer, the Decryption policy is the correct control point to gain visibility into, block, or allow traffic that uses PQC cipher suites or key exchange mechanisms. Decryption policies govern which TLS sessions are inspected and can be configured to act on specific TLS attributes-including PQC-related ones-and produce log entries for each matched session. A Decryption profile (option D) only defines SSL/TLS inspection parameters applied within a decryption policy; it cannot independently enforce or log PQC usage. DNS Security profiles and Security policies do not operate at the TLS negotiation layer where PQC is detectable.

Topics

#NGFW Decryption#Post-quantum Cryptography#Encrypted Traffic Inspection#Traffic Visibility

Community Discussion

No community discussion yet for this question.

Full NETSEC-GENERALIST Practice