Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
A . Create a no-decrypt Decryption Policy rule.
B . Configure an EDL to pull IP addresses of known sites resolved from a CR
D . Create a Dynamic Address Group for untrusted sites
E . Create a Security Policy rule with vulnerability Security Profile attached.
F . Enable the “Block sessions with untrusted issuers” setting.
Answer: A,D