NSE4 Question #289: Real Exam Question with Answer & Explanation

Question

Which of the following statements correctly describes the deepscan option for HTTPS?

Options

• AWhen deepscan is disabled, only the web server certificate is inspected; no decryption of content
• BEnabling deepscan will perform further checks on the server certificate.
• CDeepscan is only applicable to mail protocols, where all IP addresses in the header are checked.
• DWith deepscan enabled, archived files will be decompressed before scanning for a more

Explanation

When the 'deepscan' option is disabled for HTTPS, the FortiGate only inspects the web server's certificate for validity and trust, without decrypting or inspecting the actual content of the encrypted traffic.

Common mistakes.

• B. Enabling deepscan does more than just further check the server certificate; its primary function is to decrypt and inspect the content of the encrypted traffic for security threats or policy violations.
• C. Deepscan functionality is primarily associated with HTTP/HTTPS and other encrypted protocols for content inspection, not exclusively mail protocols, and its purpose is not limited to checking IP addresses in headers.
• D. While deepscan generally implies thorough scanning, the decompression and scanning of archived files is a feature of antivirus/sandboxing engines, not the core definition of 'deepscan' specifically for HTTPS protocol handling in the context of SSL inspection.

Concept tested. FortiGate SSL/TLS Inspection Modes

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/526779/ssl-ssh-inspection

No community discussion yet for this question.