PCNSA

Full exam simulation

1:20:00
1

Decryption and Monitoring

hard

Refer to the exhibit. An administrator configures decryption for HTTPS traffic from internal users. However, traffic using TLS 1.3 is not being decrypted. Which change should be made to decrypt TLS 1.3 traffic?

Exhibit

{
  "decryption-policy": {
    "rules": [
      {
        "name": "Decrypt-HTTPs-Corp",
        "source-zones": ["internal"],
        "dest-zones": ["external"],
        "source-users": ["corp-users"],
        "destination-addresses": ["any"],
        "service": ["service-https"],
        "action": "decrypt",
        "decryption-profile": "Standard-Decrypt"
      }
    ]
  },
  "decryption-profile": {
    "name": "Standard-Decrypt",
    "ssl-decrypt-settings": {
      "forward-trust-cert": "PA-Forward-Trust",
      "forward-untrust-cert": "PA-Forward-Untrust",
      "decrypt-unknown-protocol": false,
      "ssl-protocol-settings": {
        "min-version": "tls1-0",
        "max-version": "tls1-2"
      }
    }
  }
}
0 of 80 answered