PrepAway - Latest Free Exam Questions & Answers

Which step is a valid solution to the problem?

You have replaced an explicit proxy Web filter with a FortiGate. The human resources department requires
that all URLs be logged. Users are reporting that their browsers are now indicating certificate errors as
shown in the exhibit.

Which step is a valid solution to the problem?

PrepAway - Latest Free Exam Questions & Answers

A.
Make sure that the affected users’ browsers are no longer set to use the explicit proxy.

B.
Import the FortiGate’s SSL CA certificate into the Web browsers.

C.
Change the Web filter policies on the FortiGate to only do certificate inspection.

D.
Make a Group Policy to install the FortiGate’s SSL certificate as a trusted host certificate on the Web
browser.

Explanation:
For https traffic inspection, client machine should install fortigate’s ssl certificate

4 Comments on “Which step is a valid solution to the problem?

  1. aioross says:

    B and D could be the answer.

    B – is correct because you are importing the SSL certificate into the Browser – you don´t need to be AD Administrator to do it, only donwload SSL certificate used in SSL Deep Inspection profile and install into Web Browser

    D- More complete, if you know about GPO – Policy Group Rules and how to configure it into AD you could deploy SSL certificate donwloaded from SSL Deep inspection profile and install into all users browsers.




    0



    0
  2. air112 says:

    C could also be correct, the question states “requires
    that all URLs be logged” this can be done with just certificate inspection, Deep packet inspection is not necessary to achieve this. (so importing of certificates is also not needed)

    As B an D are somewhat similar solutions i would probably go for C.




    0



    0
  3. Whatever says:

    This is a horribly written question. SSL deep inspection has nothing to do with all URLs being logged. You don’t even need certificate inspection for that one.

    B is technically accurate but the question hints that this is a larger company since it has an HR dept, so thus they are looking for you to make a change centrally. Assuming that you have only Windows machines, D is the best way to tackle the problem and still have deep packet inspection.

    Unfortunately since the problem also does not elaborate on whether full SSL inspection is a requirement, C is also accurate as a way to fulfill the requirement that all URL’s are logged and it fixes the issue of invalid SSL cert for users.

    So yeah. Take your pick here. BAD question.




    0



    0

Leave a Reply

Your email address will not be published. Required fields are marked *