View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam


Question 40 Discussion

A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy. How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website? (Choose one answer)

  • A. The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.
  • B. The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.
  • C. The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.
  • D. The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.
Correct Answer: D

Brave-Dump Clients Votes

D 100%

Comments



Adam 2026-01-19 10:25:13

Selected Answers: D


Study Guide mentions "if you require FortiGate to perform traffic decryption, inspection of encrypted payload, SSL proxying, and protection from HTTPS-based attacks, you will need to use full SSL inspection"

config firewall ssl-ssh-profile -> edit ... -> config ssl -> set inspect-all deep-inspection (not "certificate-inspection")