View all questions & answers for the FCSS - Enterprise Firewall 7.4 Administrator Exam Materials exam


Question 41 Discussion

A vulnerability scan report has revealed that a user has generated traffic to the website example.com (10.10.10.10) using a weak SSL/TLS version supported by the HTTPS web server. What can the firewall administrator do to block all outdated SSL/TLS versions on any HTTPS web server to prevent possible attacks on user traffic? (Choose one answer)

  • A. Configure the unsupported SSL version and set the minimum allowed SSL version in the HTTPS settings of the SSL/SSH inspection profile.
  • B. Enable auto-detection of outdated SSL/TLS versions in the SSL/SSH inspection profile to block vulnerable websites.
  • C. Install the required certificate in the client's browser or use Active Directory policies to block specific websites as defined in the SSL/SSH inspection profile.
  • D. Use the latest certificate, Fortinet_SSL_ECDSA256, and replace the CA certificate in the SSL/SSH inspection profile.
Correct Answer: A

Brave-Dump Clients Votes

A 100%

Comments



Brave-Dumps Admin 2025-04-28 14:14:24

Selected Answers: A


A is correct
EFW 7.4 study guide page 167 confirms that,

"FortiGate can detect the minimum TLS version allowed in an outbound policy. In the example shown on this slide, the configurations unsupported-ssl-version and min-allowed-ssl-version block TLS versions 1.0 and 1.1 while accepting newer versions."

"By using FortiGate to specify which versions of TLS should be blocked or accepted, you can enhance the security of your enterprise network’s HTTPS protocol."