Certificados

Question #: 207 In SSL Forward Proxy decryption, which two certificates can be used for certificate signing? (Choose two.). A. self-signed CA certificate. B. server certificate. C. wildcard server certificate. D. client certificate. E. enterprise CA certificate.

Question #: 238 A remote administrator needs firewall access on an untrusted interface. Which two components are required on the firewall to configure certificate-based administrator authentication to the web Ul? (Choose two.). A. certificate authority (CA) certificate. B. server certificate. C. client certificate. D. certificate profile.

Question #: 217 A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?. A. machine certificate. B. server certificate. C. certificate authority (CA) certificate. D. client certificate.

Question #: 272 An administrator needs firewall access on a trusted interface. Which two components are required to configure certificate-based, secure authentication to the web UI? (Choose two.). A. server certificate. B. SSL/TLS Service Profile. C. certificate profile. D. SSH Service Profile.

Question #: 428 An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 2025. The validity date on the PA-generated certificate is taken from what?. A. The root CA. B. The untrusted certificate. C. The server certificate. D. The trusted certificate.

Question #: 404 An engineer is configuring secure web access (HTTPS) to a Palo Alto Networks firewall for management. Which profile should be configured to ensure that management access via web browsers is encrypted with a trusted certificate?. A. A Certificate profile should be configured with a trusted root CA. B. An SSL/TLS Service profile should be configured with a certificate assigned. C. An Interface Management profile with HTTP and HTTPS enabled should be configured. D. An Authentication profile with the allow list of users should be configured.

Question #: 428 An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 2025. The validity date on the PA-generated certificate is taken from what?. A. The root CA. B. The untrusted certificate. C. The server certificate. D. The trusted certificate.

Question #: 440 Review the screenshot of the Certificates page. An administrator for a small LLC has created a series of certificates as shown, to use for a planned Decryption roll out. The administrator has also installed the self-signed root certificate in all client systems. When testing, they noticed that every time a user visited an SSL site, they received unsecured website warnings. What is the cause of the unsecured website warnings?. A. The forward trust certificate has not been signed by the self-singed root CA certificate. B. The forward trust certificate has not been installed in client systems. C. The forward untrust certificate has not been signed by the self-singed root CA certificate. D. The self-signed CA certificate has the same CN as the forward trust and untrust certificates.

Question #: 445 An administrator wants to enable Palo Alto Networks cloud services for Device Telemetry and IoT. Which type of certificate must be installed?. A. External CA certificate. B. Server certificate. C. Device certificate. D. Self-signed root CA certificate.

Question #: 447 An engineer is configuring SSL Inbound Inspection for public access to a company’s application. Which certificate(s) need to be installed on the firewall to ensure that inspection is performed successfully?. A. Intermediate CA(s) and End-entity certificate. B. Root CA and Intermediate CA(s). C. Self-signed certificate with exportable private key. D. Self-signed CA and End-entity certificate.

Question #: 448 A network security administrator wants to begin inspecting bulk user HTTPS traffic flows egressing out of the internet edge firewall. Which certificate is the best choice to configure as an SSL Forward Trust certificate. A. A Machine Certificate for the firewall signed by the organization’s PKI. B. A web server certificate signed by the organization’s PKI. C. A subordinate Certificate Authority certificate signed by the organization’s PKI. D. A self-signed Certificate Authority certificate generated by the firewall.

Question #: 453 A network administrator wants to deploy SSL Forward Proxy decryption. What two attributes should a forward trust certificate have? (Choose two.). A. A certificate authority (CA) certificate. B. A private key. C. A server certificate. D. A subject alternative name.

Question #: 517 An administrator has been tasked with deploying SSL Forward Proxy. Which two types of certificates are used to decrypt the traffic? (Choose two.). A. Device certificate. B. Subordinate CA from the administrator’s own PKI infrastructure. C. Self-signed root CA. D. External CA certificate.

Question #: 519 A network security administrator wants to inspect HTTPS traffic from users as it egresses through a firewall to the Internet/Untrust zone from trusted network zones. The security admin wishes to ensure that if users are presented with invalid or untrusted security certificates, the user will see an untrusted certificate warning. What is the best choice for an SSL Forward Untrust certificate?. A. A self-signed certificate generated on the firewall. B. A web server certificate signed by the organization’s PKI. C. A web server certificate signed by an external Certificate Authority. D. A subordinate Certificate Authority certificate signed by the organization’s PKI.