NSE 4 – FortiGate 6.0 — Question 103

HTTP Public Key Pinning (HPKP) can be an obstacle to implementing full SSL inspection. What solutions could resolve this problem? (Choose two.)

Answer options

• A. Enable Allow Invalid SSL Certificates for the relevant security profile.
• B. Change web browsers to one that does not support HPKP.
• C. Exempt those web sites that use HPKP from full SSL inspection.
• D. Install the CA certificate (that is required to verify the web server certificate) stores of users' computers.

Correct answer: B, C

Explanation

Options B and C are correct because changing to a browser that does not support HPKP and exempting HPKP sites from inspection directly address the issues caused by HPKP. Option A does not solve the problem of HPKP itself, while option D is irrelevant to the HPKP challenge.