PCNSE Question #661: Real Exam Question with Answer & Explanation


Submitted by suresh_in · Apr 18, 2026 · Deploy and Configure

Question

A company requires the firewall to block expired certificates issued by internet-hosted websites. The company plans to implement decryption in the future, but it does not perform SSL Forward Proxy decryption at this time. Without the use of SSL Forward Proxy decryption, how is the firewall still able to identify and block expired certificates issued by internet-hosted websites?

Options

  • A. By having a Certificate profile that contains the website's Root CA assigned to the respective
  • B. By using SSL Forward Proxy to decrypt SSL and TLS handshake communication and the
  • C. By using SSL Forward Proxy to decrypt SSL and TLS handshake communication in order to
  • D. By having a Decryption profile that blocks sessions with expired certificates in the No Decryption


Topics

#Decryption Profile #Certificate Validation #SSL/TLS Handshake #Security Policy