

NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials-Question 58 Discussion

Refer to the exhibits. A network topology, firewall policy, and SSL/SSH inspection profile configuration are shown. What must you configure on firewall policy ID 2 to detect HTTPS attacks that target a Linux server hosting the website www.acmetest.com? (Choose one answer)

  • A. Enable HTTPS in the protocol port mapping of the deep-inspection SSL/SSH inspection profile.
  • B. Set inspection-mode to flow to analyze the HTTPS packets and make sure that they are as expected.
  • C. Set ips-sensor to IPS_block in the firewall policy.
  • D. Enable SSL inspection of the SSL server and upload the certificate of the Linux server website to the SSL/SSH inspection profile.
Correct Answer: D

Brave-Dump Clients Votes

D 75%
A 25%

Comments



l 2025-10-31 11:14:09

Selected Answers: A


I think A, because D sounds ridiculous.


Mike 2025-12-06 13:07:51

Selected Answers: D


Since we want to protect the server and not the client, we need to enable SSL Inspection of Protecting SSL Server. For that to function correctly you need to upload the Server certificate to have a valid certificate installed.
A would be needed if we want to secure the client from the server.


Adam 2026-01-20 03:16:20

Selected Answers: D


https://docs.fortinet.com/document/fortigate/7.6.5/administration-guide/55107/protecting-an-ssl-server
The Protecting SSL Server option of the SSL/SSH Inspection profile is typically applied to an inbound firewall policy for clients on the internet that access a server behind the FortiGate. FortiGate uses the server certificate of the protected server to simulate the real server, which enables FortiGate to decrypt and inspect traffic destined to the real server. Therefore, a valid server certificate must be installed on the FortiGate to enable traffic inspection.


Mehdi 2026-03-10 12:46:45

Selected Answers: D


The current profile is set to "Multiple Clients Connecting to Multiple Servers" — this is for outbound/client traffic inspection.
The Linux server hosts www.acmetest.com — this is an inbound attack scenario targeting a server.
For protecting a specific SSL server, you need to switch to "Protecting SSL Server" mode.
In this mode, FortiGate acts as a reverse proxy and needs the actual server certificate uploaded so it can decrypt and inspect inbound HTTPS traffic targeting that server.
Without the server's certificate, FortiGate cannot decrypt inbound SSL to inspect for attacks.