Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
A.
Create a no-decrypt Decryption Policy rule.
B.
Configure an EDL to pull IP addresses of known sites resolved from a CRL.
C.
Create a Dynamic Address Group for untrusted sites
D.
Create a Security Policy rule with vulnerability Security Profile attached.
E.
Enable the “Block sessions with untrusted issuers” setting.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit