Palo Alto questions with correct answers

Which feature can be configured to block sessions that the firewall cannot decrypt? Correct Answer-Decryption profile in decryption policy What is default setting for "Action" in a decryption policy rule? Correct Answer-No-decrypt Which type of Next Generation Firewall decryption inspects SSL traffic between an internal host and an external web server? Correct Answer-SSL Forward Proxy When SSL encrypted traffic first arrives at the Next Generation Firewall, which technology initially identifies the application as web-browsing? Correct Answer-App-ID On the Next Generation Firewall, which is the first configuration step for SSL Forward Proxy decryption? Correct Answer-Forward Trust Certificate Which type of Next Generation Firewall decryption inspects SSL traffic coming from external users to internal servers? Correct Answer-SSL Inbound Inspection True or False. In the Next Generation Firewall, even if the Decryption policy rule action is "no-decrypt," the Decryption Profile attached to the rule can still be configured to block sessions with expired or untrusted certificates. Correct Answer-True On the Next Generation firewall, what type of security profile detects infected files being transferred with the application? Correct Answer-Anti-Virus