Decryption Mirror Quiz
Test Your Knowledge
1. An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third-party, deep-level packet inspection appliance. Which interface type and license feature are necessary to meet the requirement?
A. Decryption Mirror interface with the Threat Analysis license
B. Virtual Wire interface with the Decryption Port Export license
C. Tap interface with the Decryption Port Mirror license
D. Decryption Mirror interface with the associated Decryption Port Mirror license
2. Which two features require another license on the NGFW? (Choose two.)
A. SSL Inbound Inspection
B. SSL Forward Proxy
C. Decryption Mirror
D. Decryption Broker
3. Which three statements accurately describe Decryption Mirror? (Choose three.)
A. Decryption, storage, inspection, and use of SSL traffic regulated in certain countries.
B. You should consult with your corporate counsel before activating and using Decryption Mirror in a production environment.
C. Decryption Mirror requires a tap interface on the firewall.
D. Only management consent is required to use the Decryption Mirror future.
E. Use of Decryption Mirror might enable malicious users with administrative access to the firewall to harvest sensitive information that is submitted via an encrypted channel.
4. An engineer wants to forward all decrypted traffic on a PA-850 firewall to a forensic tool with a decrypt mirror interface. Which statement is true regarding the configuration of the Decryption Port Mirroring feature?
A. The engineer should install the Decryption Port Mirror license and reboot the firewall.
B. The PA-850 firewall does not support decrypt mirror interface, so the engineer needs to upgrade the firewall to PA-3200 series.
C. The engineer must assign an IP from the same subnet with the forensic tool to the decrypt mirror interface.
D. The engineer must assign the related virtual-router to the decrypt mirror interface.
Submit Quiz