2025 – Microsoft Exam Dumps

[2025-November-New]Braindump2go AI-900 VCE Questions Free[Q104-Q129]

November 12, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go AI-900 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go AI-900 Real Exam Questions!

QUESTION 104
You use Azure Machine Learning designer to build a model pipeline. What should you create before you can run the pipeline?

A. a Jupyter notebook
B. a registered model
C. a compute resource

Answer: C

QUESTION 105
You need to build an image tagging solution for social media that tags images of your friends automatically.
Which Azure Cognitive Services service should you use?

A. Computer Vision
B. Face
C. Text Analytics
D. Form Recognizer

Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/cognitive-services/face/overview
https://docs.microsoft.com/en-us/azure/cognitive-services/face/face-api-how-to-topics/howtodetectfacesinimage

QUESTION 106
You use drones to identify where weeds grow between rows of crops to send an Instruction for the removal of the weeds.
This is an example of which type of computer vision?

A. scene segmentation
B. optical character recognition (OCR)
C. object detection

[2025-November-New]Braindump2go AI-102 Dumps with PDF and VCE Free[Q303-Q345]

November 12, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go AI-102 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go AI-102 Real Exam Questions!

QUESTION 303
You are building a chatbot.
You need to ensure that the bot will recognize the names of your company’s products and codenames. The solution must minimize development effort.
Which Azure Cognitive Service for Language service should you include in the solution?

A. custom text classification
B. entity linking
C. custom Named Entity Recognition (NER)
D. key phrase extraction

Answer: C

QUESTION 304
You have an Azure subscription that contains an Azure App Service app named App1.
You provision a multi-service Azure AI Services resource named CSAccount1.
You need to configure App1 to access CSAccount1. The solution must minimize administrative effort.
What should you use to configure App1?

A. a system-assigned managed identity and an X.509 certificate
B. the endpoint URI and an OAuth token
C. the endpoint URI and a shared access signature (SAS) token
D. the endpoint URI and subscription key

Answer: D

QUESTION 305
You have an Azure subscription that contains a multi-service Azure AI Translator resource named Translator1.
You are building an app that will translate text and documents by using Translator1.
You need to create the REST API request for the app.
Which headers should you include in the request?

A. the access control request, the content type, and the content length
B. the subscription key and the client trace ID
C. the resource ID and the content language
D. the subscription key, the subscription region, and the content type

[2025-November-New]Braindump2go 300-420 Dumps Free[Q1-Q80]

November 11, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go 300-420 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 300-420 Real Exam Questions!

QUESTION 1
Which routes does the overlay management protocol advertise in an SD-WAN overlay?

A. underlay, MPLS, and overlay
B. primary, backup, and load-balanced
C. prefix, TLOC, and service
D. Internet, MPLS, and backup

Answer: C

QUESTION 2
A network solution is being designed for a company that connects to multiple Internet service providers. Which Cisco proprietary BGP path attribute will influence outbound traffic flow?

A. Local Preference
B. MED
C. Weight
D. AS Path
E. Community

Answer: C
Explanation:
Weight is Cisco proprietary and is the first decision of all path attributes to influence outbound traffic on a singular router. Weight is non-transitive and will only influence routes as they leave that device.

QUESTION 3
Refer to the exhibit. EIGRP has been configured on all links. The spoke nodes have been configured as EIGRP stubs, and the WAN links to R3 have higher bandwidth and lower delay than the links to R4.
When a link failure occurs at the R1-R2 link, what happens to traffic on R1 that is destined for a subnet attached to R2?

A. R1 has no route to R2 and drops the traffic
B. R1 load-balances across the paths through R3 and R4 to reach R2
C. R1 forwards the traffic to R3, but R3 drops the traffic
D. R1 forwards the traffic to R3 in order to reach R2

[2025-November-New]Braindump2go 300-415 Practice Exam Free[Q1-Q66]

November 11, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go 300-415 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 300-415 Real Exam Questions!

QUESTION 1
Which device information is required on PNP/ZTP to support the zero touch onboarding process?

A. serial and chassis numbers
B. interface IP address
C. public DNS entry
D. system IP address

Answer: A
Explanation:
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sd-wan-wan-edge-onboarding-deploy-guide-2020jan.pdf

QUESTION 2
Which configuration step is taken on vManage after WAN Edge list is uploaded to support the on-boarding process before the device comes online?

A. Verify the device certificate
B. Enable the ZTP process
C. Set the device as valid
D. Send the list to controllers

Answer: C+
Explanation:

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sdwan-wan-edge-onboarding-deploy-guide-2020nov.pdf

QUESTION 3
Which SD-WAN component is configured to enforce a policy to redirect branch-to-branch traffic toward a network service such as a firewall or IPS?

A. vBond
B. vSmart
C. WAN Edge
D. Firewall

[2025-November-New]Braindump2go 300-410 Dumps Free[Q409-Q460]

November 11, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go 300-410 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 300-410 Real Exam Questions!

QUESTION 409
An engineer is creating a policy that overrides normal routing behavior.if the route to a destination of 10.100.100.0/24 is withdrawn from the routing Table, the policy must direct traffic to a next hop of 10.1 1.1. if the route is present in the routing table, then normal forwarding must occur.
Which
configuration meets the requirements?

A. access-list 100 permit ip any any
!
route-map POLICY permit 10
match ip address 100
set ip next-hop recursive 10.1.1.1
B. access-list 100 permit ip any 10.100.100.0 0.0.0.255 !
Route-map POLICY permit 10
match ip address 100
set ip default next-hop 10.1.1.1
C. access-list 100 permit ip any 10.100.100.0 0.0.0.255 !
route-map POLICY permit 10
match ip address 100
set ip next-hop 10.1.1.1
!
route map POLICY permit 20
D. access-list 100 permit ip any 10.100.100.0 0.0.0.255 !
route map POLICY permit 10
match ip address 100
Set ip next-hop recursive 10.1.1.1
!
route-map POLICY permit 20

Answer: D

QUESTION 410
Refer to the exhibit. After a new regional office is set up, not all guests can access the internet via guest Wi Fi. Clients are getting the correct IP address from guest Wi-Fi VLAN 364.
Which action resolves the issue ?

A. Allow 10.66.46.0/23 in the outbound ACL
B. Allow DNS traffic through the outbound ACL
C. Allow DNS traffic through the inbound ACL
D. Allow 10.66.46.0/23 in the inbound ACL

[2025-November-New]Braindump2go 200-301 Exam Questions Free[Q1560-Q1614]

November 10, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go 200-301 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 200-301 Real Exam Questions!

QUESTION 1560
Refer to the exhibit. Which switch in this configuration will be elected as the root bridge?
SW1: 0С:0А:05:22:05:97
SW2: 0C:0A:A8:1A:3C:9D
SW3: 0С:0А:18:81:ВЗ:19
SW4: 0С:4А:82:56:35:78

A. SW1
B. SW2
C. SW3
D. SW4

Answer: C
Explanation:
You can manipulate the Root Bridge Election by setting Bridge priority on your switches. The default value is 32768, and the lowest number is preferred. In the case of a tie, the switch with the lowest MAC address will be selected.

QUESTION 1561
Which alternative to password authentication is implemented to allow enterprise devices to log in to the corporate network?

A. 90-day renewal policies
B. magic links
C. one-time passwords
D. digital certificates

Answer: D

QUESTION 1562
Refer to the exhibit. The user has connectivity to devices on network 192.168.3.0/24 but cannot reach users on the network 10.10.1.0/24. What is the first step to verify connectivity?

A. Is the internet reachable?
B. Is the default gateway reachable?
C. Is the DNS server reachable?
D. Is the IPv4 address reachable?

[2025-November-New]Braindump2go 200-201 Dumps PDF Free[Q390-Q422]

November 10, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go 200-201 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 200-201 Real Exam Questions!

QUESTION 390
Which statement describes indicators of attack?

A. A malicious file is detected by the AV software.
B. Internal hosts communicate with countries outside of the business range.
C. Phishing attempts on an organization are blocked by mail AV.
D. Critical patches are missing.

Answer: B
Explanation:
Indicators of Attack (IoA) refer to observable behaviors or artifacts that suggest a security breach or ongoing attack.
When internal hosts communicate with countries outside the business range, it may indicate data exfiltration or command-and-control communication to an external threat actor. Unlike Indicators of Compromise (IoC) which indicate that a system has already been compromised, IoAs are often used to identify malicious activity in its early stages. Monitoring for unusual outbound connections is a crucial aspect of detecting advanced persistent threats (APTs) and other sophisticated attacks.

QUESTION 391
Which type of data is used to detect anomalies in the network?

A. statistical data
B. metadata
C. transaction data
D. alert data

Answer: A
Explanation:
Statistical data is crucial for detecting anomalies within a network because it provides a baseline of normal behavior.
Anomaly detection involves comparing current network data against historical statistical data to identify deviations from expected patterns.
This method helps in identifying unusual activities that could signify a security threat, such as unusual login attempts, data transfers, or access patterns. Statistical data analysis tools use metrics such as mean, variance, and standard deviation to flag anomalies, aiding in proactive threat detection.

QUESTION 392
What is data encapsulation?

A. Data is encrypted backwards, which makes it unusable.
B. Multiple hosts can be supported with only a few public IP addresses.
C. A protocol of the sending host adds additional data to the packet header.
D. Browsing history is erased automatically with every session.

[2025-November-New]Braindump2go 200-901 Exam Dumps PDF Free[Q454-Q490]

November 10, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go 200-901 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 200-901 Real Exam Questions!

QUESTION 454
Which CI/CD component allows for the storing of code packages and enables the testing of the same code that is running on the live system?

A. Artifactory
B. Jira
C. ITSM
D. Git

Answer: A
Explanation:
Git is used for source code and Artifactory is used for the binaries which go with the source code.

QUESTION 455
A development team needs to containerize an application named ‘custapp4o3p2r6d3s6w7x6t9’. A Dockerfile has been created and now the docker build command must be run using the current folder to find the Dockerfile, build the image and create a local repository named ‘custapp4d5c-repo’ that points to that image. Which command must be used?

A. docker build custapp4d5c-repo Dockerfile
B. docker build -t acustapp4d5c-repo Dockerfile.txt
C. docker build custapp4d5c-repo -f Dockerfile.txt
D. docker build -t custapp4d5c-repo -f Dockerfile

Answer: D
Explanation:
The -t flag is used to specify the name (and optionally a tag) of the image.
The -f flag is used to specify the location of the Dockerfile.
The . at the end represents the build context, which is the current directory.

QUESTION 456
A web app must be accessible from computers and mobile devices. It must maintain the same data structure on both types of devices. What is the advantage of using the MVC design pattern for this app?

A. to asynchronously update the graphical interface
B. to define different algorithms for data manipulation
C. to separate the logic of the graphic interface of the different devices
D. to have only one instance of the objects that contain the data

[2025-November-New]Braindump2go NS0-521 VCE Exam Questions Free[Q1-Q35]

November 5, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go NS0-521 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go NS0-521 Real Exam Questions!

QUESTION 1
What connectivity Is required between NetApp ONTAP clusters in order to configure SnapMirror active sync across two data centers for FC?

A. Cedicated FC switches and ISL
B. Shared FC switches
C. Cluster peering
D. Dedicated IP switches and ISL

Answer: C
Explanation:
To configure SnapMirror active sync across two data centers using FC (Fibre Channel), the required connectivity between NetApp ONTAP clusters is cluster peering. Cluster peering involves establishing a trust relationship between the clusters, allowing them to replicate data seamlessly. This setup ensures that data synchronization and disaster recovery processes are effective and reliable.

QUESTION 2
What is the minimum number of rack units that are required on each site for a NetApp AFF All San Array (ASA) A800 MetroCluster IP configuration with 72 disks per site and Cisco N9K-C9336C-FX2 backend switches?

A. 16 RU
B. 8 RU
C. 12 RU
D. 4 RU

[2025-November-New]Braindump2go NS0-528 PDF Dumps Free Share[Q1-Q33]

November 5, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go NS0-528 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go NS0-528 Real Exam Questions!

QUESTION 1
An administrator is setting up SnapMirror SVM replication. One of the source data volumes uses cloud tiering with the snapshot-only tiering policy.
Which cloud tiering policy is supported on the destination volume?

A. none
B. auto
C. all
D. snapshot-only

Answer: D
Explanation:
When using SnapMirror SVM replication, the cloud tiering policy on the destination volume must match the source if tiering is to be preserved. The only supported tiering policy in this context is snapshot-only, which moves cold Snapshot blocks to cloud tier. This ensures compatibility during replication.

QUESTION 2
What are the two modes for Autonomous Ransomware Protection (ARP)? (Choose two.)

A. active
B. listening
C. passive
D. learning

[2025-November-New]Braindump2go XSIAM-Analyst VCE Free Download[Q1-Q30]

November 3, 2025 Leave a comment bdadmin

2025/November Latest Braindump2go XSIAM-Analyst Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go XSIAM-Analyst Real Exam Questions!

QUESTION 1
Which type of task can be used to create a decision tree in a playbook?

A. Sub-playbook
B. Job
C. Standard
D. Conditional

Answer: D
Explanation:
Conditional tasks let you define multiple outcome branches based on evaluated expressions, enabling decision-tree logic within a playbook.

QUESTION 2
A Cortex XSIAM analyst is investigating a security incident involving a workstation after having deployed a Cortex XDR agent for 45 days. The incident details include the Cortex XDR Analytics Alert “Uncommon remote scheduled task creation.”
Which response will mitigate the threat?

A. Revoke user access and conduct a user audit.
B. Allow list the processes to reduce alert noise.
C. Initiate the endpoint isolate action to contain the threat.
D. Prioritize blocking the source IP address to prevent further login attempts.

Answer: C
Explanation:
An “Uncommon remote scheduled task creation” suggests possible remote code execution or persistence. Isolating the affected endpoint immediately cuts it off from the network, stopping command-and-control or lateral movement while you investigate and remediate.

QUESTION 3
Which Cytool command will re-enable protection on an endpoint that has Cortex XDR agent protection paused?

A. cytool security enable
B. cytool service start
C. cytool runtime start
D. cytool protect enable

[2025-November-New]Braindump2go SOA-C03 Exam Questions Free[Q1-Q40]

November 3, 2025 Leave a comment bdadmin

2025/October Latest Braindump2go SOA-C03 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go SOA-C03 Real Exam Questions!

QUESTION 1
A medical research company uses an Amazon Bedrock powered AI assistant with agents and knowledge bases to provide physicians quick access to medical study protocols. The company needs to generate audit reports that contain user identities, usage data for Bedrock agents, access data for knowledge bases, and interaction parameters.
Which solution will meet these requirements?

A. Use AWS CloudTrail to log API events from generative AI workloads. Store the events in CloudTrail Lake. Use SQL-like queries to generate reports.
B. Use Amazon CloudWatch to capture generative AI application logs. Stream the logs to Amazon OpenSearch Service. Use an OpenSearch dashboard visualization to generate reports.
C. Use Amazon CloudWatch to log API events from generative AI workloads. Send the events to an Amazon S3 bucket. Use Amazon Athena queries to generate reports.
D. Use AWS CloudTrail to capture generative AI application logs. Stream the logs to Amazon Managed Service for Apache Flink. Use SQL queries to generate reports.

Answer: A
Explanation:
As per AWS Cloud Operations, Bedrock, and Governance documentation, AWS CloudTrail is the authoritative service for capturing API activity and audit trails across AWS accounts. For Amazon Bedrock, CloudTrail records all user-initiated API calls, including interactions with agents, knowledge bases, and generative AI model parameters.
Using CloudTrail Lake, organizations can store, query, and analyze CloudTrail events directly without needing to export data. CloudTrail Lake supports SQL-like queries for generating audit and compliance reports, enabling the company to retrieve information such as user identity, API usage, timestamp, model or agent ID, and invocation parameters.
In contrast, CloudWatch focuses on operational metrics and log streaming, not API-level identity data. OpenSearch or Flink would add unnecessary complexity and cost for this use case.
Thus, the AWS-recommended CloudOps best practice is to leverage CloudTrail with CloudTrail Lake to maintain auditable, queryable API activity for Bedrock workloads, fulfilling governance and compliance requirements.

QUESTION 2
A company needs to enforce tagging requirements for Amazon DynamoDB tables in its AWS accounts. A CloudOps engineer must implement a solution to identify and remediate all DynamoDB tables that do not have the appropriate tags.
Which solution will meet these requirements with the LEAST operational overhead?

A. Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an Amazon EventBridge scheduled rule to invoke the Lambda function.
B. Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an AWS Config custom rule to invoke the Lambda function.
C. Use the required-tags AWS Config managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure an automatic remediation action that uses an AWS Systems Manager Automation custom runbook.
D. Create an Amazon EventBridge managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure the EventBridge rule to run an AWS Systems Manager Automation custom runbook for remediation.

[2025-New-Exam]Braindump2go FCP_FSM_AN-7.2 Dumps Free[Q1-Q16]

October 29, 2025 Leave a comment bdadmin

2025/October Latest Braindump2go FCP_FSM_AN-7.2 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go FCP_FSM_AN-7.2 Real Exam Questions!

Question: 1
Which statement about thresholds is true?

A. FortiSIEM uses fixed, hardcoded global and device thresholds for all performance metrics.
B. FortiSIEM uses only device thresholds for security metrics.
C. FortiSIEM uses global and per device thresholds for performance metrics.
D. FortiSIEM uses only global thresholds for performance metrics.

Answer: C
Explanation:
FortiSIEM evaluates performance metrics against both global thresholds, which apply system-wide, and per-device thresholds, which can be customized for individual devices. This dual approach allows flexibility in monitoring while ensuring consistent baseline alerting.

Question: 2
Which running mode takes the most time to perform machine learning tasks?

A. Local auto
B. Local
C. Forecasting
D. Regression

[2025-New-Exam]Braindump2go FCP_FAC_AD-6.5 Practice Test Free[Q1-Q15]

October 28, 2025 Leave a comment bdadmin

2025/October Latest Braindump2go FCP_FAC_AD-6.5 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go FCP_FAC_AD-6.5 Real Exam Questions!

Question: 1
Which three of the following can be used as SSO sources? (Choose three.)
A. RADIUS accounting
B. FortiClient SSO Mobility Agent
C. SSH sessions
D. FortiGate
E. FortiAuthenticator in SAML SP role

Answer: A, B, D
Explanation:
RADIUS accounting can be used by FortiAuthenticator to obtain user identity and session details for SSO.
FortiClient SSO Mobility Agent reports user login events to FortiAuthenticator for SSO.
FortiGate can act as an SSO source by sending user authentication information to FortiAuthenticator.

Question: 2
You have implemented two-factor authentication to enhance security to sensitive enterprise systems.
How could you bypass the need for two-factor authentication for users accessing form specific secured networks?
A. Enable Adaptive Authentication in the portal policy.
B. Specify the appropriate RADIUS clients in the authentication policy.
C. Create an admin realm in the authentication policy.
D. Enable the Resolve user geolocation from their IP address option in the authentication policy

[2025-New-Exam]Braindump2go FCSS_EFW_AD-7.6 Exam Prep Free[Q1-Q25]

October 24, 2025 Leave a comment bdadmin

2025/October Latest Braindump2go FCSS_EFW_AD-7.6 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go FCSS_EFW_AD-7.6 Real Exam Questions!

Question: 1
A company that acquired multiple branches across different countries needs to install new FortiGate devices on each of those branches. However, the IT staff lacks sufficient knowledge to implement the initial configuration on the FortiGate devices.
Which three approaches can the company take to successfully deploy advanced initial configurations on remote branches? (Choose three.)

A. Use metadata variables to dynamically assign values according to each FortiGate device.
B. Use provisioning templates and install configuration settings at the device layer.
C. Use the Global ADOM to deploy global object configurations to each FortiGate device.
D. Apply Jinja in the FortiManager scripts for large-scale and advanced deployments.
E. Add FortiGate devices on FortiManager as model devices, and use ZTP or LTP to connect to FortiGate devices.

Answer: A, B, E
Explanation:
Use metadata variables to dynamically assign values according to each FortiGate device:
Metadata variables in FortiManager allow device-specific configurations to be dynamically assigned without manually configuring each FortiGate. This is especially useful when deploying multiple devices with similar base configurations.
Use provisioning templates and install configuration settings at the device layer:
Provisioning templates in FortiManager provide a structured way to configure FortiGate devices. These templates can define interfaces, policies, and settings, ensuring that each device is correctly configured upon deployment.
Add FortiGate devices on FortiManager as model devices, and use ZTP or LTP to connect to FortiGate devices:
Zero-Touch Provisioning (ZTP) and Local Touch Provisioning (LTP) help automate the deployment of FortiGate devices. By adding devices as model devices in FortiManager, configurations can be pushed automatically when devices connect for the first time, reducing manual effort.

Question: 2
An administrator is checking an enterprise network and sees a suspicious packet with the MAC address e0:23:ff:fc:00:86.
What two conclusions can the administrator draw? (Choose two.)

A. The suspicious packet is related to a cluster that has VDOMs enabled.
B. The network includes FortiGate devices configured with the FGSP protocol.
C. The suspicious packet is related to a cluster with a group-id value lower than 255.
D. The suspicious packet corresponds to port 7 on a FortiGate device.

Answer: A, C
Explanation:
The MAC address e0:23:ff:fc:00:86 follows the format used in FortiGate High Availability (HA) clusters. When FortiGate devices are in an HA configuration, they use virtual MAC addresses for failover and redundancy purposes.
The suspicious packet is related to a cluster that has VDOMs enabled:
FortiGate devices with Virtual Domains (VDOMs) enabled use specific MAC address ranges to differentiate HA-related traffic. This MAC address is likely part of that mechanism.
The suspicious packet is related to a cluster with a group-id value lower than 255:
FortiGate HA clusters assign virtual MAC addresses based on the group ID. The last octet (00:86) corresponds to a group ID that is below 255, confirming this option.

Question: 3
A company’s guest internet policy, operating in proxy mode, blocks access to Artificial Intelligence Technology sites using FortiGuard. However, a guest user accessed a page in this category using port 8443.
Which configuration changes are required for FortiGate to analyze HTTPS traffic on nonstandard ports like 8443 when full SSL inspection is active in the guest policy?

A. Add a URL wildcard domain to the website CA certificate and use it in the SSL/SSH Inspection Profile.
B. In the Protocol Port Mapping section of the SSL/SSH Inspection Profile, enter 443, 8443 to analyze both standard (443) and non-standard (8443) HTTPS ports.
C. To analyze nonstandard ports in web filter profiles, use TLSv1.3 in the SSL/SSH Inspection Profile.
D. Administrators can block traffic on nonstandard ports by enabling the SNI check in the SSL/SSH Inspection Profile.