InStrata Cloud Manager (SCM), policies need to balanceprivacywhile ensuringsecure decryption for mobile users in Prisma Access. The correct approach involves:

SSL Forward Proxy (C)– Enablesdecryption of outbound SSL traffic, allowing security inspection while ensuring unauthorized data does not leave the network.

No Decryption (D)–Excludes personal data from being decrypted, ensuring compliance withprivacy regulations(e.g., GDPR, HIPAA) and protecting sensitive employee information.

SSL Forward Proxy (C)

Decrypts outbound SSL trafficfrom mobile users.

Inspects traffic for malware, data exfiltration, and compliance violations.

Ensurescorporate security policiesare enforced on user traffic.

No Decryption (D)

Ensuresprivacy-sensitive traffic(e.g., online banking, healthcare portals) remainsuntouched.

Exclusionscan be defined based oncategories, user groups, or destinations.

Helps maintainregulatory compliancewhile still securing other traffic.

(A) SSH Decryption– Not relevant in this context, as SSH traffic is typically used for administrative access rather than mobile user web browsing.

(B) SSL Inbound Inspection– Used forinbound traffic to company-hosted servers, not for securing outbound traffic from mobile users.

Firewall Deployment– SSL Forward Proxy enables traffic visibility, No Decryption protects privacy.

Security Policies– Defines what traffic should or should not be decrypted.

Threat Prevention & WildFire– Decryption helps detect hidden threats while excluding sensitive personal data.

Zero Trust Architectures– Ensuresleast-privilege access while maintaining privacy compliance.

Why These Two Policies?Other Answer Choices AnalysisReferences and Justification:Thus,SSL Forward Proxy (C) and No Decryption (D) are the correct answers, as they balance security and privacy for mobile users in Prisma Access.