A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy. How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website? (Choose one answer)

A. The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.
B. The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.
C. The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.
D. The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.

Correct Answer: D

Brave-Dump Clients Votes

D 100%

Comments

Brave-Dumps Admin 2025-04-28 22:40:07

Selected Answers: D

C is confirmed,

Full SSL inspection is mandatory for FortiGate to properly analyze and secure HTTPS traffic content beyond just validating certificates.