NSE 6 – FortiWeb 5.6/6.0 — Question 22

Which is true about HTTPS on FortiWeb? (Choose three.)

Answer options

• A. For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.
• B. After enabling HSTS, redirects to HTTPS are no longer necessary.
• C. In true transparent mode, the TLS session terminator is a protected web server.
• D. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
• E. In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.

Correct answer: A, C, E

Explanation

Option A is correct because SNI requires the chosen certificate for the server pool. Option C is accurate as true transparent mode utilizes the protected web server as the TLS terminator. Option E is also correct since in transparent inspection mode, the certificate selection is done for the server pool. Options B and D are incorrect; HSTS does not eliminate the need for HTTPS redirects, and using RC4 is not advisable despite its association with the BEAST attack.