ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam FCSS_EFW_AD-7.4 All Questions

View all questions & answers for the FCSS_EFW_AD-7.4 exam
Go to Exam

Exam FCSS_EFW_AD-7.4 topic 1 question 3 discussion

Actual exam question from Fortinet's FCSS_EFW_AD-7.4
Question #: 3
Topic #: 1
[All FCSS_EFW_AD-7.4 Questions]

A company's guest internet policy, operating in proxy mode, blocks access to Artificial Intelligence Technology sites using FortiGuard. However, a guest user accessed a page in this category using port 8443.
Which configuration changes are required for FortiGate to analyze HTTPS traffic on nonstandard ports like 8443 when full SSL inspection is active in the guest policy?

  • A. Add a URL wildcard domain to the website CA certificate and use it in the SSL/SSH Inspection Profile.
  • B. In the Protocol Port Mapping section of the SSL/SSH Inspection Profile, enter 443, 8443 to analyze both standard (443) and non-standard (8443) HTTPS ports.
  • C. To analyze nonstandard ports in web filter profiles, use TLSv1.3 in the SSL/SSH Inspection Profile.
  • D. Administrators can block traffic on nonstandard ports by enabling the SNI check in the SSL/SSH Inspection Profile.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Yaghu at March 20, 2025, 9:34 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
firewalk
2 months ago
Selected Answer: B
anyone did the exam recently, is it stable?
upvoted 1 times
...
themageofsec
2 months, 2 weeks ago
Selected Answer: B
B is correct
upvoted 1 times
...
greeklover84
3 months, 2 weeks ago
Selected Answer: B
Yes agree only B makes sense, for me at least.
upvoted 1 times
...
tioeudes
3 months, 2 weeks ago
Selected Answer: B
letter b is the only one that makes sense.
upvoted 1 times
...
Tweefo
3 months, 3 weeks ago
Selected Answer: B
B is correct “Because the firewall in this example has not enabled protocol port mapping for HTTPS and port 8443, the user will bypass the firewall…” “Protocol port mapping can be enabled... only if SSL inspection is activated… and the appropriate protocol port-mapping settings are configured.” Source : Study Guide 166
upvoted 1 times
...
Yaghu
4 months ago
Selected Answer: B
Answer B appears to be the only answer pertaining to port mapping.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel