PCNSE · Question #823
PCNSE Question #823: Real Exam Question with Answer & Explanation
The correct answer is D: It enhances security by actively blocking access to potentially insecure sites with expired. A decryption policy with the action of "No Decryption" means that the firewall will not decrypt SSL/TLS traffic. However, it still provides protections related to SSL/TLS inspection, such as the ability to check certificate validity (e.g., expired certificates, untrusted issuers,
Question
A decryption policy has been created with an action of "No Decryption." The decryption profile is configured in alignment to best practices. What protections does this policy provide to the enterprise?
Options
- AIt allows for complete visibility into certificate data, ensuring secure connections to all websites.
- BIt ensures that the firewall checks its certificate store, enabling sessions with trusted self-signed
- CIt encrypts all certificate information to maintain privacy and compliance with local regulations.
- DIt enhances security by actively blocking access to potentially insecure sites with expired
Explanation
A decryption policy with the action of "No Decryption" means that the firewall will not decrypt SSL/TLS traffic. However, it still provides protections related to SSL/TLS inspection, such as the ability to check certificate validity (e.g., expired certificates, untrusted issuers, etc.). This helps the firewall enhance security by blocking access to websites that use potentially insecure or compromised certificates.
Topics
Community Discussion
No community discussion yet for this question.