FCSS – Enterprise Firewall Administrator 7.6 — Question 32
A vulnerability scan report has revealed that a user has generated traffic to the website example.com using a weak SSL/TLS version supported by the HTTPS web server.
What can you do to block all outdated SSL/TLS versions on any HTTPS web server to prevent possible attacks on user traffic?
Answer options
- A. Enable server certificate SNI check in the SSL/SSH inspection profile.
- B. Enable auto-detection of outdated SSL/TLS versions in the SSL/SSH inspection profile to block vulnerable websites.
- C. Block invalid SSL certificates in the SSL/SSH inspection profile.
- D. Configure the unsupported SSL version and set the minimum allowed SSL version in the HTTPS settings of the SSL/SSH inspection profile.
Correct answer: D
Explanation
The correct answer is D because configuring the unsupported SSL version and setting the minimum allowed SSL version directly addresses the issue of outdated protocols by preventing their use. Options A, B, and C do not effectively block outdated SSL/TLS versions; they focus on monitoring or handling certificates rather than ensuring only secure protocols are used.