PCNSE Question #430: Real Exam Question with Answer & Explanation

The correct answer is A: Transparent Bridge Security Chain. Palo Alto Networks Decryption Broker allows the firewall to decrypt SSL/TLS traffic and forward it to third-party security devices that cannot perform decryption themselves. It supports two security chain deployment modes: (A) Transparent Bridge Security Chain, where chained devi

Submitted by lukas.cz· Apr 18, 2026Deploy and Configure

Question

What are two valid deployment options for Decryption Broker? (Choose two)

Options

ATransparent Bridge Security Chain
BLayer 3 Security Chain
CLayer 2 Security Chain
DTransparent Mirror Security Chain

Explanation

Palo Alto Networks Decryption Broker allows the firewall to decrypt SSL/TLS traffic and forward it to third-party security devices that cannot perform decryption themselves. It supports two security chain deployment modes: (A) Transparent Bridge Security Chain, where chained devices operate at Layer 2 transparently, and (B) Layer 3 Security Chain, where chained devices route traffic at Layer 3. 'Layer 2 Security Chain' and 'Transparent Mirror Security Chain' are not valid Decryption Broker deployment options. The mirror option is associated with decryption port mirroring, a completely separate feature used for passive traffic capture.

Topics

#Decryption Broker#Deployment Options#Security Chain#SSL Decryption

Community Discussion

No community discussion yet for this question.

Full PCNSE Practice Browse All PCNSE Questions