Exam FCSS_EFW_AD-7.4 topic 1 question 41 discussion

Actual exam question from Fortinet's FCSS_EFW_AD-7.4

Question #: 41
Topic #: 1

A vulnerability scan report has revealed that a user has generated traffic to the website example.com (10.10.10.10) using a weak SSL/TLS version supported by the HTTPS web server.
What can the firewall administrator do to block all outdated SSL/TLS versions on any HTTPS web server to prevent possible attacks on user traffic?

A. Configure the unsupported SSL version and set the minimum allowed SSL version in the HTTPS settings of the SSL/SSH inspection profile.
B. Enable auto-detection of outdated SSL/TLS versions in the SSL/SSH inspection profile to block vulnerable websites.
C. Install the required certificate in the client's browser or use Active Directory policies to block specific websites as defined in the SSL/SSH inspection profile.
D. Use the latest certificate, Fortinet_SSL_ECDSA256, and replace the CA certificate in the SSL/SSH inspection profile.

Show Suggested Answer

Suggested Answer: A 🗳️

by Tweefo at March 27, 2025, 1:29 p.m.

Comments

Submit Cancel

hugojt

2 days, 6 hours ago

Selected Answer: A

Correct is the A Answer Pag 167 of the Study Guide Manual. Fortigate can detect the minimum TLS version allowed in an outbound policy. In the example shown on this slide the configurations unsupported-ssl-version and min-allowed-ssl-version block TLS versions 1.0 and 1.1 while accepting newer versions.

upvoted 1 times

...

Exam FCSS_EFW_AD-7.4 All Questions

View all questions & answers for the FCSS_EFW_AD-7.4 exam

Exam FCSS_EFW_AD-7.4 topic 1 question 41 discussion

Comments

hugojt

SY0-701