PCNSE Question #524: Real Exam Question with Answer & Explanation

Sign in or unlock PCNSE to reveal the answer and full explanation for question #524. The question stem and answer options stay visible for context.

Submitted by hans_de· Apr 18, 2026Deploy and Configure

Question

During the implementation of SSL Forward Proxy decryption, an administrator imports the company's Enterprise Root CA and Intermediate CA certificates onto the firewall. The company's Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise CA chain of trust are signed by the company's Intermediate CA. Which method should the administrator use when creating Forward Trust and Forward Untrust certificates on the firewall for use with decryption?

Options

AGenerate a single subordinate CA certificate for both Forward Trust and Forward Untrust.
BGenerate a CA certificate for Forward Trust and a self-signed CA for Forward Untrust.
CGenerate a single self-signed CA certificate for Forward Trust and another for Forward Untrust
DGenerate two subordinate CA certificates, one for Forward Trust and one for Forward Untrust.

Unlock PCNSE to see the answer

You've previewed enough free PCNSE questions. Unlock PCNSE for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock PCNSE - $49.99 / 30 days Sign in

Topics

#SSL Decryption#Certificate Management#PKI#Forward Trust / Forward Untrust

Full PCNSE Practice Browse All PCNSE Questions