Basic Concept: A Forward Trust certificate used for SSL Forward Proxy must be trusted by endpoints. Otherwise users see certificate trust warnings for decrypted sites.

Why D is Correct: Installing the public CA certificate into client trust stores is the required next step because the firewall signs substitute server certificates during forward proxy decryption.

Why A is Wrong: Set the forward trust certificate as the SSL/TLS Service profile for the management interface. is associated with authentication, PKI, or TLS configuration, but it is not the object or step that enforces the certificate validation or service identity requirement being tested.

Why B is Wrong: Create a Security policy rule that allows traffic from the certificate of the firewall to all the zones. is associated with authentication, PKI, or TLS configuration, but it is not the object or step that enforces the certificate validation or service identity requirement being tested.

Why C is Wrong: Import the private key of the forward trust certificate onto the domain controller. is associated with authentication, PKI, or TLS configuration, but it is not the object or step that enforces the certificate validation or service identity requirement being tested.