View all questions & answers for the Palo Alto Security Service Edge Engineer Exam Materials exam


Question 3 Discussion

Which two configurations must be enabled to allow App Acceleration for SaaS applications? (Choose two answers)

  • A. Acceleration agent for the client machines
  • B. QoS for user traffic
  • C. Trusted Root CA for the CA certificate
  • D. Forward Trust Certificate for the CA certificate
Correct Answer: C,D

Brave-Dump Clients Votes

CD 100%

Comments



Anonymous User 2026-02-26 06:48:45

Selected Answers: C, D


The correct answers are
C. Trusted Root CA for the CA certificate.
D. Forward Trust Certificate for the CA certificate.

Why Both Certificate Settings Are Required
App Acceleration for SaaS applications works by intercepting and inspecting HTTPS traffic to intelligently pre-fetch dynamic content, which requires Prisma Access to generate app-specific certificates on the fly. To do this, the root CA certificate you upload must be explicitly marked as both a Trusted Root CA and a Forward Trust Certificate — failing to enable either one will cause users to encounter SSL errors when accessing accelerated SaaS apps.

What Each Setting Does
Trusted Root CA (C): Marks the certificate as a trusted CA in Prisma Access, allowing it to sign the per-app certificates that App Acceleration dynamically creates for each accelerated SaaS application.

Forward Trust Certificate (D): Enables the certificate to be used during SSL forward proxy operations, which is how App Acceleration intercepts and re-signs traffic to SaaS apps.

Both settings must be configured on the same root CA certificate, then committed and pushed to Prisma Access before selecting it in the App Acceleration configuration.