View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam


Question 19 Discussion

A vulnerability scan report has revealed that a user has generated traffic to the website example.com using a weak SSL/TLS version supported by the HTTPS web server. What can you do to block all outdated SSL/TLS versions on any HTTPS web server to prevent possible attacks on user traffic? (Choose one answer)

  • A. Enable server certificate SNI check in the SSL/SSH inspection profile.
  • B. Enable auto-detection of outdated SSL/TLS versions in the SSL/SSH inspection profile to block vulnerable websites.
  • C. Block invalid SSL certificates in the SSL/SSH inspection profile.
  • D. Configure the unsupported SSL version and set the minimum allowed SSL version in the HTTPS settings of the SSL/SSH inspection profile.
Correct Answer: D

Brave-Dump Clients Votes

D 100%

Comments



Adam 2026-01-18 10:29:10

Selected Answers: D


Example from Study Guide:
config firewall ssl-ssh-profile
edit "ssl_ssh_profile"
config https
set unsupported-ssl-version block
set min-allowed-ssl-version tls-1.2
end
end