Palo_Alto_NetworksPalo_Alto_Networks
PCNSE · Question #296
PCNSE Question #296: Real Exam Question with Answer & Explanation
Sign in or unlock PCNSE to reveal the answer and full explanation for question #296. The question stem and answer options stay visible for context.
Submitted by takeshi77· Apr 18, 2026Deploy and Configure
Question
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
Options
- ACreate a no-decrypt Decryption Policy rule.
- BConfigure an EDL to pull IP addresses of known sites resolved from a CRL.
- CCreate a Dynamic Address Group for untrusted sites
- DCreate a Security Policy rule with vulnerability Security Profile attached.
- EEnable the "Block sessions with untrusted issuers" setting.
Unlock PCNSE to see the answer
You've previewed enough free PCNSE questions. Unlock PCNSE for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#SSL Decryption Policy#Certificate Validation#Untrusted Issuers Blocking#Decryption Profile Settings