After enabling and configuring Outbound HTTPS inspection on Security Gateway, you need to prevent users...

The correct answer is B. For outbound HTTPS Inspection, the Security Gateway signs generated site certificates using the HTTPS Inspection outbound CA certificate. To prevent browser warnings, client computers must trust that CA certificate. The correct Windows certificate store for enterprise deployment is Trusted Root Certification Authorities – Local Computer. Option A is wrong because “Third-party Root Certification Authorities” is not the correct store for the gateway’s generated inspection CA. Option C is also wrong because it uses the third-party store and limits trust to the current user. Option D is close in wording but less correct for centrally managed endpoint trust; deploying to Local Computer ensures machine-wide trust for users and services on that computer. The operational logic is simple: if the client does not trust the inspection CA, the gateway-generated certificate chain will appear untrusted, triggering browser or application certificate warnings. Reference topics: HTTPS Inspection, outbound CA certificate, client certificate trust store, Trusted Root Certification Authorities.