View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam


Question 33 Discussion

You must minimize CPU and RAM use on a FortiGate firewall while also enabling essential security features, such as web filtering and application control for HTTPS traffic. Which SSL inspection setting reduces system load while also enabling security features, such as web filtering and application control for encrypted HTTPS traffic? (Choose one answer)

  • A. Configure SSL inspection to handle HTTPS traffic efficiently.
  • B. Disable SSL inspection to preserve resources.
  • C. Use deep SSL inspection to inspect encrypted HTTPS traffic.
  • D. Enable SSL certificate inspection mode to perform basic checks without decrypting traffic.
Correct Answer: D

Brave-Dump Clients Votes

D 100%

Comments



Adam 2026-01-19 08:37:49

Selected Answers: D


From Study Guide:
To conserve CPU or RAM resources in your firewall, SSL certificate inspection mode should be sufficient. It covers several functions, such as SSL handshake inspection, server name indication (SNI) parsing, server certificate validation, URL extraction from SNI, URL extraction from certificate, web filtering, and application control. However, if you require FortiGate to perform traffic decryption, inspection of encrypted payload, SSL proxying, and protection from HTTPS-based attacks, you will need to use full SSL inspection.