FCSS – Enterprise Firewall Administrator 7.4 — Question 17

A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy.
How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?

Answer options

• A. The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.
• B. The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.
• C. The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.
• D. The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.

Correct answer: D

Explanation

The correct answer is D because enabling full SSL inspection allows FortiGate to decrypt and inspect the HTTPS traffic, ensuring that any potential threats are detected. Options A, B, and C do not address the need for decryption of the traffic, which is essential for proper analysis and detection of malware.