CompTIA Security+ (SY0-501) — Question 540

A systems administrator has installed a new UTM that is capable of inspecting SSL/TLS traffic for malicious payloads. All inbound network traffic coming from the
Internet and terminating on the company's secure web servers must be inspected. Which of the following configurations would BEST support this requirement?

Answer options

• A. The web servers' CA full certificate chain must be installed on the UTM.
• B. The UTM certificate pair must be installed on the web servers.
• C. The web servers' private certificate must be installed on the UTM.
• D. The UTM and web servers must use the same certificate authority.

Correct answer: A

Explanation

The correct answer is A because the UTM needs the full certificate chain to validate SSL/TLS connections properly and inspect the traffic. Option B is incorrect because the UTM does not require its certificate pair on the web servers for traffic inspection. Option C is wrong as the UTM needs the public certificates for inspection, not the private one. Option D is not necessary since the UTM can function with certificates from different authorities as long as the full chain is installed.