CNX-001 Question #75: Real Exam Question with Answer & Explanation
The correct answer is D: The firewall has an expired certificate while SSL/HTTPS inspection is enabled.
Question
End users are getting certificate errors and are unable to connect to an application deployed in a cloud. The application requires an HTTPS connection. A network solution architect finds that a firewall is deployed between end users and the application in the cloud. Which of the following is the root cause of the issue?
Options
- A. The firewall on the application server has port 443 blocked.
- B. The firewall has port 443 blocked while SSL/HTTPS inspection is enabled.
- C. The end users do not have certificates on their laptops.
- D. The firewall has an expired certificate while SSL/HTTPS inspection is enabled.
Explanation
When SSL inspection is turned on, the firewall intercepts and re-signs HTTPS traffic with its own certificate. If that certificate has expired, end users will see certificate errors even though port 443 is open and the backend application's certificate is valid.