Free Palo Alto Networks NGFW-Engineer Actual Exam Questions - Question 6 Discussion
Question No. 6
Which configuration step is required when implementing a new self-signed root certificate authority
(CA) certificate for SSL decryption on a Palo Alto Networks firewall?
(CA) certificate for SSL decryption on a Palo Alto Networks firewall?
Select one option, then reveal solution.
US
KV
Kevin V.
2026-02-19
Disabling existing rules (D) doesn’t help; cert trust is key.
0
BL
Bilal L.
2026-02-13
A. Clients have to trust the root CA cert in their trust stores; otherwise, SSL warnings will pop up when the firewall intercepts and decrypts traffic.
0
BL
Bilal L.
2026-02-12
A, clients must trust the root CA cert to avoid SSL warnings during decryption.
0
MG
Mohammad G.
2026-02-09
Maybe A, clients need to trust the cert for decryption to function properly.
0
PP
Peter P.
2026-01-16
This one’s kinda confusing since it talks about a root CA but all options mention subordinate CAs. Going with A because importing to client trust stores feels right. A
0