NETSEC-GENERALIST · Question #51
NETSEC-GENERALIST Question #51: Real Exam Question with Answer & Explanation
The correct answer is B: SSL/TLS decryption. In Palo Alto Networks Next-Generation Firewall (NGFW), packet processing is categorized into the fast path (also known as the accelerated path) and the slow path (also known as deep inspection processing). The slow path is responsible for handling operations that require deep con
Question
Which action is only taken during slow path in the NGFW policy?
Options
- ASession lookup
- BSSL/TLS decryption
- CLayer 2-Layer 4 firewall processing
- DSecurity policy lookup
Explanation
In Palo Alto Networks Next-Generation Firewall (NGFW), packet processing is categorized into the fast path (also known as the accelerated path) and the slow path (also known as deep inspection processing). The slow path is responsible for handling operations that require deep content inspection and policy enforcement beyond standard Layer 2-4 packet forwarding. Slow Path Processing and SSL/TLS Decryption SSL/TLS decryption is performed only during the slow path because it involves computationally intensive tasks such as: - Intercepting encrypted traffic and performing man-in-the-middle (MITM) decryption. - Extracting the SSL handshake and certificate details for security inspection. - Inspecting decrypted payloads for threats, malicious content, and compliance with security - Re-encrypting the traffic before forwarding it to the intended destination. This process is critical in environments where encrypted threats can bypass traditional security inspection mechanisms. However, it significantly impacts firewall performance, making it a slow
Topics
Community Discussion
No community discussion yet for this question.