NSE4 Question #186: Real Exam Question with Answer & Explanation
The correct answer is A: The root certificate of the FortiGate SSL proxy must be imported into the local certificate store on. To prevent web browser warnings during FortiGate SSL content inspection, the FortiGate's root certificate must be imported and trusted by client devices.
Question
SSL content inspection is enabled on the FortiGate unit. Which of the following steps is required to prevent a user from being presented with a web browser warning when accessing an SSL-encrypted website?
Options
- A. The root certificate of the FortiGate SSL proxy must be imported into the local certificate store on
- B. Disable the strict server certificate check in the web browser under Internet Options.
- C. Enable transparent proxy mode on the FortiGate unit.
- D. Enable NTLM authentication on the FortiGate unit. NTLM authentication suppresses the
Explanation
To prevent web browser warnings during FortiGate SSL content inspection, the FortiGate's root certificate must be imported and trusted by client devices.
Common mistakes.
- B. Disabling strict server certificate checks is a security risk and is not the proper method to handle warnings arising from a trusted SSL inspection certificate.
- C. Transparent proxy mode configures how traffic is intercepted, but it does not address the cryptographic trust relationship required between the client browser and the FortiGate's SSL inspection certificate.
- D. NTLM authentication is an authentication protocol and has no direct relevance to suppressing web browser warnings related to untrusted SSL certificates during inspection.
Concept tested. FortiGate SSL inspection certificate trust
Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/575290/ssl-tls-inspection