Joe, a security technician, is configuring two new firewalls through the web on each. Each time
Joe connects, there is a warning message in the browser window about the certificate being
untrusted. Which of the following will allow Joe to configure a certificate for the firewall so that
firewall administrators are able to connect both firewalls without experiencing the warning
message?
A. Apply a permanent override to the certificate warning in the browser
B. Apply a wildcard certificate obtained from the company’s certificate authority
C. Apply a self-signed certificate generated by each of the firewalls
D. Apply a single certificate obtained from a public certificate authority
Another badly written question: “Joe, a security technician, is configuring two new firewalls through the web on each”
1st) A permanent override would not certify the firewall and would be a security breach. This eliminates A.
2nd) The certificate must be private, not public. This eliminates D.
So this is a toss-up between B and C.
B - Apply a wildcard certificate obtained from the company’s certificate authority. A wildcard certificate is best used with servers.
C - Create a self-signed root CA certificate is the best answer.
A self-signed root certificate authority (CA) certificate is the top-most certificate in a certificate chain. A firewall can use this certificate to automatically issue certificates for other uses. For example, the firewall issues certificates for SSL/TLS decryption and for satellites in a GlobalProtect large-scale VPN.
When establishing a secure connection with the firewall, the remote client must trust the root CA that issued the certificate. Otherwise, the client browser will display a warning that the certificate is invalid and might (depending on security settings) block the connection. To prevent this, after generating the self-signed root CA certificate, import it into the client systems.
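The two checks behind the browser warning discussed above (does the certificate chain to a CA the client has imported, and does it cover the hostname), as an added example that is not part of the original question or comment. It assumes the `openssl` CLI is installed; the domain `corp.example`, the hostnames `fw1`/`fw2` and the CA name are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed names: corp.example, fw1/fw2, "Example Corp Internal CA".
set -e

build_lab() {            # $1 = existing, empty working directory
  d=$1
  cat > "$d/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_fw]
basicConstraints = CA:FALSE
subjectAltName = DNS:*.corp.example
EOF
  # Company root CA: the certificate admin workstations import into their trust store.
  openssl req -x509 -config "$d/lab.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -days 365 -subj "/CN=Example Corp Internal CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # One wildcard certificate, signed by that CA, installable on both firewalls.
  openssl req -config "$d/lab.cnf" -newkey rsa:2048 -nodes -subj "/CN=*.corp.example" \
    -keyout "$d/wild.key" -out "$d/wild.csr" 2>/dev/null
  openssl x509 -req -in "$d/wild.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
    -days 90 -extfile "$d/lab.cnf" -extensions v3_fw -out "$d/wild.pem" 2>/dev/null
  # Certificate a firewall signs for itself; no imported CA vouches for it.
  openssl req -x509 -config "$d/lab.cnf" -extensions v3_fw -newkey rsa:2048 -nodes \
    -days 90 -subj "/CN=fw1.corp.example" \
    -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the imported CA in lab directory $1.
chains_to_ca() { openssl verify -CAfile "$1/ca.pem" "$1/$2" 2>/dev/null | grep -q ': OK$'; }

# Succeeds only if the wildcard certificate in lab directory $1 covers hostname $2.
covers_host() {
  openssl x509 -in "$1/wild.pem" -noout -checkhost "$2" | grep -q 'does match'
}

LAB=$(mktemp -d)
build_lab "$LAB"
for c in wild.pem self.pem; do
  if chains_to_ca "$LAB" "$c"; then echo "$c: trusted"; else echo "$c: browser warning"; fi
done
for h in fw1.corp.example fw2.corp.example fw1.dmz.corp.example; do
  if covers_host "$LAB" "$h"; then echo "$h: name matches"; else echo "$h: name mismatch"; fi
done
```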