Free Cisco 300-710 Actual Exam Questions - Question 12 Discussion
over HTTPS. Which method must the administrator use to meet the requirement?
A/D? Blocking the whole banking category (D) seems too broad if you want to allow a specific site. Enabling SSL decryption (A) lets you target that site specifically over HTTPS.
A/C? Without SSL decryption, the firewall can’t inspect HTTPS traffic at the URL level, so C (disabling SSL inspection) wouldn’t help because you still can’t filter by URL. A seems necessary to allow one specific banking site securely. D blocks the whole banking category, which contradicts the goal of allowing access to a specific site. B doesn’t make sense since the app is HTTPS, not HTTP. So A looks like the only option that actually meets the requirement.
A. Without SSL decryption, the firewall can’t see inside HTTPS traffic to filter by URL, so enabling it is essential to allow that specific banking site.
Maybe D works too, since blocking the whole banking category while allowing WWW could be a way to control access without messing with SSL decryption. Seems like a simpler workaround.
It’s A, since you need to decrypt SSL to inspect HTTPS traffic properly.
A for sure, you gotta decrypt SSL to see the HTTPS site URL.