The subject common name from the website certificate is used to match HTTPS traffic without performing SSL inspection. This allows the system to identify and match the URLs without decrypting the traffic, hence avoiding SSL inspection.
You can use URL filtering regarding CN, otherwise URL filtering would not work at all, because the URL that you are visiting is in the HTTP header and that header is encrypted in SSL. There is also an option in the advanced settings regarding decrypting TLS 1.3 so you can get the CN of the server.
D. Specify the protocol in the object.
To define a URL object on Cisco FMC without performing SSL inspection, the engineer can simply specify the protocol used by the URL, which is typically "http://" or "https://". By specifying the protocol in the object, the Cisco FMC will not attempt to perform SSL inspection on the URL.
Option D is therefore the correct answer. The engineer should specify the protocol in the object to define a URL object on Cisco FMC without performing SSL inspection. The other options are not relevant to this task.
Answer: C. The correct method to specify the URL without performing SSL inspection is to specify the protocol in the object, which is option C. This can be done by selecting "http" or "https" from the Protocol drop-down menu in the Add URL Object window in Cisco FMC. By doing so, the FMC will create a URL object that matches only the specified protocol and will not inspect SSL traffic. Options A, B, and D are not relevant to this task.
B is the answer.
"HTTPS filtering, unlike HTTP filtering, disregards subdomains within the subject common name. Do not include subdomain information when manually filtering HTTPS URLs"
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/fdm/fptd-fdm-config-guide-670/fptd-fdm-access.html
The correct answer is B: If you plan to use a URL object to match HTTPS traffic in an access control rule, create the object using the subject common name in the public key certificate used to encrypt the traffic. Also, the system disregards subdomains within the subject common name, so do not include subdomain information. For example, use example.com rather than www.example.com.
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/reusable_objects.html#ID-2243-00000414
No, Mevijil is correct:
You don't need to decrypt anything to read the certificate's CN field...
B is correct.
Stevens0103 (8 months, 3 weeks ago)
THEODORABLE (1 year, 5 months ago)
Initial14 (1 year, 7 months ago)
Initial14 (1 year, 7 months ago)
Joe_Blue (1 year, 8 months ago)
tanri04 (1 year, 8 months ago)
matan24 (1 year, 8 months ago)
Mevijil (1 year, 9 months ago)
Baumb (1 year, 9 months ago)
freho (1 year, 9 months ago)