PCNSE Question #709: Real Exam Question with Answer & Explanation

Sign in or unlock PCNSE to reveal the answer and full explanation for question #709. The question stem and answer options stay visible for context.

Submitted by mateo_ar· Apr 18, 2026Deploy and Configure

Question

A network security administrator wants to inspect HTTPS traffic from users as it egresses through a firewall to the Internet/Untrust zone from trusted network zones. The security admin wishes to ensure that if users are presented with invalid or untrusted security certificates, the user will see an untrusted certificate warning. What is the best choice for an SSL Forward Untrust certificate?

Options

AA self-signed certificate generated on the firewall
BA web server certificate signed by the organization's PKI
CA web server certificate signed by an external Certificate Authority
DA subordinate Certificate Authority certificate signed by the organization's PKI

Unlock PCNSE to see the answer

You've previewed enough free PCNSE questions. Unlock PCNSE for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock PCNSE - $49.99 / 30 days Sign in

Topics

#SSL Decryption#Certificate Management#Forward Untrust#Firewall Configuration

Full PCNSE Practice Browse All PCNSE Questions