Topic 1 Question 195
Your company deployed Cloud Next Generation Firewall Enterprise (Cloud NGFW Enterprise). You have already created a CA pool and a CA in Certificate Authority Service. You need to enable TLS inspection. What should you do?
Grant the network security service agent service account the privateca.certificateRequester role. Create a TLS inspection policy linking to the CA pool. Configure your VPC endpoint associations to use the TLS inspection policy. Flip the TLS inspection flag in your firewall policy rules to true.
Grant the network security service agent service account the privateca.poolReader role. Create a TLS inspection policy linking to the CA pool. Configure your VPC endpoint associations to use the TLS inspection policy. Flip the TLS inspection flag in your firewall policy rules to true.
Grant the network security service agent service account the privateca.certificateRequester role. Create a trust config in Certificate Manager Flip the TLS inspection flag in your firewall policy rules to true.
Grant the network security service agent service account the privateca.certificateRequester role. Create a trust config in Certificate Manager. Flip the TLS inspection flag in your firewall policy rules to true.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: A
A is correct. CA Service Certificate Requester roles/privateca.certificateRequester privateca.certificates.create A CA Service Certificate Requester role can submit certificate requests to a CA pool. We recommend that you grant this role to trusted individuals who are allowed to request certificates.
👍 1RKS_20212025/02/24
シャッフルモード