Exam FCP_FGT_AD-7.4 topic 1 question 76 discussion

Actual exam question from Fortinet's FCP_FGT_AD-7.4

Question #: 76
Topic #: 1

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.

When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the and does not block the file allowing it to be downloaded.

The administrator confirms that the traffic matches the configured firewall policy.

What are two reasons for the failed virus detection by FortiGate? (Choose two.)

A. The selected SSL inspection profile has certificate inspection enabled
B. The browser does not trust the FortiGate self-signed CA certificate
C. The EICAR test file exceeds the protocol options oversize limit
D. The website is exempted from SSL inspection

Show Suggested Answer

Suggested Answer: AD 🗳️

by CharlieS8 at Oct. 25, 2024, 5:11 a.m.

Comments

Submit Cancel

x666

5 months, 1 week ago

Selected Answer: AD

That certificate inspection is *enabled* throw me out a bit.. Because I though that deep-inspection also inspects the certificate. But after checking the GUI, the for options Inspection Method are: SSL Certificate Inspection | Full SLL Inspection.

upvoted 1 times

...