Huawei H12-711_V4.0 - HCIA-Security V4.0 Exam

Explanation From HCIA-Security documents:

HTTPS protects web-based management by combining encryption with server identity authentication . For the browser to trust the device’s HTTPS service, the device must present a server certificate that can be validated by the browser. That is why administrators often configure the device to use a local certificate (the device’s certificate) that is issued by a trusted CA or whose CA chain has been imported into the browser/OS trust store. When the certificate is trusted, the browser can verify the certificate chain, validity period, and hostname binding, which helps prevent attackers from impersonating the device during login.

If a device uses a self-signed or untrusted certificate, the browser shows warnings and users may click through them, increasing the risk of man-in-the-middle attacks and credential theft. Using a CA-trusted certificate strengthens administrator logins by ensuring the management page you connect to is genuinely the intended device and that the session is encrypted end-to-end.

This statement is TRUE . When an administrator logs in to a device through the web UI over HTTPS , the device acts as the HTTPS server and presents a local certificate to the web browser during the TLS handshake. If this certificate is issued by a CA trusted by the browser , the browser can verify the certificate chain, confirm the identity of the device, and establish an encrypted session without certificate warning messages.

This process improves security in two important ways. First, it provides server identity authentication , which helps the administrator confirm that the browser is connected to the legitimate device rather than an impersonated or spoofed host. Second, once the certificate is trusted and the TLS session is established, the communication is encrypted and protected for integrity , which reduces the risk of eavesdropping, tampering, and man-in-the-middle attacks during administrator login.

If a trusted CA certificate is not used, administrators may see browser warnings and may not be able to reliably confirm the server identity. Therefore, configuring a CA-issued certificate for HTTPS management helps prevent malicious attacks and ensures more secure administrator access.