NSE4 Question #323: Real Exam Question with Answer & Explanation

Question

View the exhibit. When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?

Options

• AThe user is required to authenticate before accessing sites with untrusted SSL certificates.
• BThe user is presented with certificate warnings when connecting to sites that have untrusted SSL
• CThe user is allowed access all sites with untrusted SSL certificates, without certificate warnings.
• DThe user is blocked from connecting to sites that have untrusted SSL certificates (no exception

Explanation

Based on the configuration, when a user attempts to connect to an HTTPS site with an untrusted SSL certificate, they will receive a certificate warning.

Common mistakes.

• A. The action for untrusted SSL certificates is a warning, not a requirement for authentication, which is a separate security control.
• C. The configuration is explicitly set to provide a warning, not to allow access without any notification.
• D. The action is set to "Warning," which means the connection is not outright blocked; the user is given an option to proceed past the warning.

Concept tested. FortiGate SSL inspection untrusted certificate action

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/918459/ssl-ssh-inspection-profile-features

No community discussion yet for this question.