NSE 4 – FortiGate 6.2 — Question 102

HTTP public key pinning (HPKP) can be an obstacle to implementing full SSL inspection.
In which two ways can you resolve this problem? (Choose two.)

Answer options

• A. Enable Allow Invalid SSL Certificates for the relevant security profile.
• B. Exempt those web sites that use HPKP from full SSL inspection.
• C. Install the CA certificate (that is required to verify the web server certificate) in the certificate stores of users' computers.
• D. Use a web browser that does not support HPKP.

Correct answer: B, D

Explanation

The correct answers are B and D because exempting sites that use HPKP from SSL inspection avoids conflicts with HPKP policies, while using a browser without HPKP support eliminates the issue altogether. Options A and C do not address the core problem of HPKP and could introduce security vulnerabilities or complexities instead.