NSE4 Question #248: Real Exam Question with Answer & Explanation

Question

SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?

Options

• AThe file is buffered by the application proxy.
• BThe file is buffered by the SSL proxy.
• CIn the upload direction, the file is buffered by the SSL proxy.
• DNo file buffering is needed since a stream-based scanning approach is used for SSL content

Explanation

After the SSL proxy decrypts encrypted traffic, the unencrypted content is passed to the application-layer proxies, which then buffer the data for subsequent content inspection by various security modules.

Common mistakes.

• B. The SSL proxy's primary role is decryption and re-encryption; the actual buffering for deep content inspection typically occurs at the application proxy level after the data is decrypted.
• C. Even in the upload direction, the SSL proxy handles the secure tunnel, but the buffering required for thorough content inspection is usually performed by the application-layer proxy.
• D. File buffering is often necessary for comprehensive content inspection by security features like antivirus scanning, which require examining the complete file rather than just a continuous stream to detect threats effectively.

Concept tested. FortiGate SSL proxy and content inspection buffering

Reference. https://docs.fortinet.com/document/fortigate/7.0.0/security-fabric-administration-guide/209971/ssl-inspection

No community discussion yet for this question.