FCSS – Enterprise Firewall Administrator 7.4 — Question 44

An administrator must minimize CPU and RAM use on a FortiGate firewall while also enabling essential security features, such as web filtering and application control for HTTPS traffic.
Which SSL inspection setting helps reduce system load while also enabling security features, such as web filtering and application control for encrypted HTTPS traffic?

Answer options

• A. Use full SSL inspection to thoroughly inspect encrypted payloads.
• B. Disable SSL inspection entirely to conserve resources.
• C. Configure SSL inspection to handle HTTPS traffic efficiently.
• D. Enable SSL certificate inspection mode to perform basic checks without decrypting traffic.

Correct answer: D

Explanation

The correct answer is D because enabling SSL certificate inspection mode allows the firewall to perform essential security checks without the overhead of decrypting traffic, thus conserving system resources. Option A is incorrect as full SSL inspection is resource-intensive, and option B completely disables security features. Option C suggests efficient handling but does not specifically address the resource savings while maintaining essential security functions.