Decryption consumes CPU resources, reducing throughput.
Why this answer
SSL decryption requires the firewall to intercept, decrypt, inspect, and re-encrypt traffic. This process is computationally intensive, especially for high-throughput environments. Even with dedicated hardware, the PA-5250's threat prevention throughput is rated without decryption; enabling it typically reduces throughput by 30-50% due to the overhead of cryptographic operations and deep packet inspection on decrypted content.
Exam trap
The trap here is that candidates assume dedicated hardware offloads all encryption overhead, ignoring that SSL decryption requires additional processing for inspection and re-encryption, which reduces overall throughput even with hardware acceleration.
How to eliminate wrong answers
Option B is wrong because while the PA-5250 uses dedicated hardware (e.g., DP processors), SSL decryption still imposes significant CPU and memory overhead for key exchange, certificate validation, and encryption/decryption, so throughput does not remain the same. Option C is wrong because offloading encryption to hardware reduces the overhead of encryption/decryption but does not increase throughput; the firewall must still perform inspection on decrypted traffic, which consumes resources. Option D is wrong because throughput decrease is not limited to video traffic; all decrypted traffic (HTTP, SMTP, etc.) requires inspection, and the performance impact is proportional to the volume and complexity of decrypted sessions.