Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 348
An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway. The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of certificate should be presented to the end-user to accomplish this goal?
Answer options
- A. SubCA
- B. organization owned root
- C. self-signed
- D. third-party
Correct answer: B
Explanation
The correct answer is B, as an organization owned root certificate allows for trusted SSL decryption across the network, ensuring that all traffic can be inspected. A SubCA (A) does not provide the same level of trust to end-users, while self-signed (C) and third-party (D) certificates may not be recognized as trustworthy by user devices, leading to security warnings.