
Fortinet Exam NSE8_812 Topic 1 Question 27 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 27
Topic #: 1

Refer to the exhibit.

You have deployed a security fabric with three FortiGate devices as shown in the exhibit. FGT_2 has the following configuration:

FGT_1 and FGT_3 are configured with the default setting. Which statement is true for the synchronization of fabric-objects?

Suggested Answer: B, D

B is correct because the OCSP check of the certificate can be combined with a certificate revocation list (CRL). This means that the FortiGate will check the OCSP server to see if the certificate has been revoked, and it will also check the CRL to see if the certificate has been revoked.

D is correct because if the OCSP server is unreachable, authentication will succeed if the certificate matches the CA. This is because the FortiGate will fall back to using the CRL if the OCSP server is unreachable.

The other options are incorrect. Option A is incorrect because OCSP checks can go to other OCSP servers, not just the FortiAuthenticator. Option C is incorrect because OCSP certificate responses can be cached by the FortiGate.



Contribute your Thoughts:

Frederica
12 days ago
Wait, the root FortiGate is like the king of the forest, but it only talks to one of its subjects? This exam is really testing my networking knowledge... and my sense of humor.
upvoted 0 times
...
Caprice
13 days ago
This is like a security version of 'If a tree falls in a forest and no one is around to hear it, does it make a sound?' The root FortiGate might as well be a tree falling if it doesn't sync to anything.
upvoted 0 times
...
Rebecka
14 days ago
Ah, I see what they're getting at. The root FortiGate only syncs to the one with the custom config. Makes sense, I guess. *shrugs*
upvoted 0 times
...
Dean
1 month ago
Hmm, I'm confused. If FGT_2 is the only one with a custom config, shouldn't the objects from the root FortiGate sync to that one? This question is tricky.
upvoted 0 times
Tiffiny
10 days ago
User 2: No, I believe objects from the root FortiGate will only be synchronized to FGT_3.
upvoted 0 times
...
Adelle
17 days ago
User 1: I think objects from the root FortiGate will only be synchronized to FGT_2.
upvoted 0 times
...
...
Annamae
1 month ago
Wait, so the root FortiGate doesn't sync to the downstream devices? That seems like a security nightmare. I better double-check the documentation on this one.
upvoted 0 times
Stanton
10 days ago
Let's verify the synchronization process to avoid any vulnerabilities in our network.
upvoted 0 times
...
Deandrea
15 days ago
It's important to ensure that all devices in the security fabric are properly synchronized.
upvoted 0 times
...
Olen
24 days ago
I think we should definitely review the documentation to make sure we have the correct understanding.
upvoted 0 times
...
Malcom
1 month ago
I agree, that does sound like a potential security risk.
upvoted 0 times
...
...
Margret
2 months ago
But if FGT_2 is the root FortiGate, then objects should sync to FGT_3, right?
upvoted 0 times
...
Tyra
2 months ago
I disagree, I believe the correct answer is D.
upvoted 0 times
...
Margret
2 months ago
I think the answer is A.
upvoted 0 times
...
