Fortinet Exam NSE7_NST-7.2 Topic 3 Question 7 Discussion

Actual exam question for Fortinet's NSE7_NST-7.2 exam
Question #: 7
Topic #: 3

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate. Which action will FortiGate take when using the default settings for SSL certificate inspection?

Suggested Answer: A

SNI and Certificate Mismatch: When the Server Name Indication (SNI) does not match either the Common Name (CN) or any of the Subject Alternative Names (SAN) in the server certificate, FortiGate's default behavior is to treat this as an invalid SSL/TLS configuration.

Default Action: FortiGate, under default settings for SSL certificate inspection, will close the connection to prevent potential security risks associated with mismatched certificates.


Reference: Fortinet Community: SSL Certificate Inspection Configuration and Behavior.

Contribute your Thoughts:

Otis
10 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration. Yep, that's the only way to go. Can't have any funny business going on with SSL/TLS, or else the whole internet might just collapse!
upvoted 0 times
...
Shawnda
11 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate. Sounds reasonable, but I hope the first one is the right one, or else it's gonna be a wild ride!
upvoted 0 times
Evan
9 months ago
If not, it could definitely make things interesting!
upvoted 0 times
...
Heike
9 months ago
Yeah, that does sound reasonable. Let's hope it's the right one!
upvoted 0 times
...
Mary
9 months ago
I think FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Jose
10 months ago
B) FortiGate uses the information from the Subject field in the server certificate.
upvoted 0 times
...
Romana
10 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Kathrine
10 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
...
Wilda
11 months ago
B) FortiGate uses the 31 information from the Subject field in the server certificate. Wait, what? 31? I think someone's been drinking a bit too much coffee...
upvoted 0 times
Dustin
10 months ago
D) FortiGate uses the SNI from the user's web browser.
upvoted 0 times
...
Marge
10 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Twana
10 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Helene
10 months ago
B) FortiGate uses the 31 information from the Subject field in the server certificate.
upvoted 0 times
...
Mirta
10 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
Oren
11 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
...
Erasmo
11 months ago
I'm not sure, but I think B) FortiGate uses the information from the Subject field in the server certificate.
upvoted 0 times
...
Stevie
11 months ago
I disagree, I believe the answer is C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Jesus
11 months ago
I think the answer is A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
upvoted 0 times
...
Shasta
12 months ago
D) FortiGate uses the SNI from the user's web browser. Duh, that's the whole point of SNI, to indicate the right server to connect to.
upvoted 0 times
...
Lindsey
12 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration. That's a no-brainer, you can't just ignore a mismatch like that!
upvoted 0 times
Luisa
11 months ago
FortiGate needs to prioritize security over convenience in these cases.
upvoted 0 times
...
Pansy
11 months ago
That's true, it's a security risk to ignore mismatches like that.
upvoted 0 times
...
Cyril
11 months ago
FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
upvoted 0 times
...
...
