Palo Alto Networks NetSec-Analyst Exam - Topic 3 Question 15 Discussion

Based on the image below, what is a risk associated with this configuration?
A) Min Version setting of TLSv1.3 can cause compatibility issues with legacy applications or clients.
B) Authentication algorithm selections can significantly increase resource consumption and cause performance degradation.
C) Encryption algorithms 3DES and RC4 being disabled decreases security posture.
D) Max Version setting of 'Max' enables the use of Perfect Forward Secrecy (PFS) and cannot be decrypted.

Actual exam question for Palo Alto Networks's NetSec-Analyst exam
Question #: 15
Topic #: 3
Suggested Answer: A

Explanation (from Palo Alto Networks Network Security Analyst knowledge):

In the provided image, the Decryption Profile is configured with a Min Version of TLSv1.3. While this represents a high security posture, it introduces a significant operational risk: compatibility issues with legacy applications or clients.

Many older operating systems, web browsers, and legacy internal applications do not support TLS 1.3. If a client or server attempts to negotiate a connection using an older, unsupported protocol version (such as TLS 1.2 or 1.1), the firewall will drop the connection because it falls below the configured minimum threshold. A Network Security Analyst must balance the need for modern encryption with the functional requirements of the network.

Option C is incorrect because disabling weak algorithms like 3DES and RC4 actually improves the security posture. Option D is incorrect because the firewall is fully capable of decrypting traffic using Perfect Forward Secrecy (PFS) if the appropriate certificates are installed. Option B is a general concern for all decryption but is not a specific risk of the versioning shown. Therefore, the most immediate risk of setting the minimum version to TLS 1.3 is the potential disruption of services for any user or system still relying on the widely used TLS 1.2 protocol or older.
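
A pre-change check for the compatibility risk described above, as an added example (not part of the original page and not Palo Alto Networks tooling): it takes a sample of observed sessions and reports which applications would lose connectivity under a Min Version of TLSv1.3. The CSV columns, addresses, application names and function names are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Protocol versions in ascending order; the list index is used for comparison.
TLS_ORDER = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample data (hypothetical export format, not a real log schema).
SAMPLE_SESSIONS = """client,app,highest_tls
10.0.0.11,intranet-hr,TLSv1.2
10.0.0.12,intranet-hr,TLSv1.2
10.0.0.13,web-browsing,TLSv1.3
10.0.0.14,legacy-erp,TLSv1.1
10.0.0.15,web-browsing,TLSv1.3
10.0.0.16,badge-reader,unknown
"""

def rank(version):
    """Return the ordering index of a version, or None if unrecognised."""
    return TLS_ORDER.index(version) if version in TLS_ORDER else None

def impact_of_min_version(sessions_csv, min_version):
    """Group clients that cannot meet the profile's minimum version, by app.

    A peer whose highest supported version is below min_version cannot
    complete a handshake. Unrecognised versions are returned separately
    so they get reviewed instead of being silently counted as safe.
    """
    floor = rank(min_version)
    if floor is None:
        raise ValueError(f"unknown minimum version: {min_version}")
    blocked, unknown = defaultdict(set), defaultdict(set)
    for row in csv.DictReader(io.StringIO(sessions_csv)):
        r = rank(row["highest_tls"])
        if r is None:
            unknown[row["app"]].add(row["client"])
        elif r < floor:
            blocked[row["app"]].add(row["client"])
    return ({a: sorted(c) for a, c in blocked.items()},
            {a: sorted(c) for a, c in unknown.items()})

if __name__ == "__main__":
    blocked, unknown = impact_of_min_version(SAMPLE_SESSIONS, "TLSv1.3")
    for app, clients in sorted(blocked.items()):
        print(f"{app}: {len(clients)} client(s) would fail -> {clients}")
    print("needs review:", unknown)
```

Running the same data against a minimum of TLSv1.2 shows how much of the disruption comes specifically from the jump to TLSv1.3.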

