New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet NSE8_812 Exam - Topic 1 Question 27 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 27
Topic #: 1
[All NSE8_812 Questions]

Refer to the exhibit.

You have deployed a security fabric with three FortiGate devices as shown in the exhibit. FGT_2 has the following configuration:

FGT_1 and FGT_3 are configured with the default setting. Which statement is true for the synchronization of fabric-objects?

Show Suggested Answer Hide Answer
Suggested Answer: B, D

Bis correct because the OCSP check of the certificate can be combined with a certificate revocation list (CRL). This means that the FortiGate will check the OCSP server to see if the certificate has been revoked, and it will also check the CRL to see if the certificate has been revoked.

Dis correct because if the OCSP server is unreachable, authentication will succeed if the certificate matches the CA. This is because the FortiGate will fall back to using the CRL if the OCSP server is unreachable.

The other options are incorrect. Option A is incorrect because OCSP checks can go to other OCSP servers, not just the FortiAuthenticator. Option C is incorrect because OCSP certificate responses can be cached by the FortiGate.

References:

Configuring SSL VPN authentication using digital certificates | FortiGate / FortiOS 7.2.0 - Fortinet Document Library

Online Certificate Status Protocol (OCSP) | FortiGate / FortiOS 7.2.0 - Fortinet Document Library

Certificate Revocation Lists (CRLs) | FortiGate / FortiOS 7.2.0 - Fortinet Document Library


by Sabra at Jul 06, 2024, 07:16 AM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Renea
3 months ago
C sounds correct to me, no sync to downstream.
upvoted 0 times
...
Viva
3 months ago
I think B is the right answer, not A.
upvoted 0 times
...
Leigha
3 months ago
Wait, are you sure about that? Seems off.
upvoted 0 times
...
Jestine
4 months ago
Totally agree, that's how it works!
upvoted 0 times
...
Denae
4 months ago
FGT_2 syncs objects to upstream FortiGates.
upvoted 0 times
...
Marsha
4 months ago
I feel like the answer might be that objects from FGT_2 sync to FGT_1 and FGT_3, but I can't remember the specifics.
upvoted 0 times
...
Maryann
4 months ago
I practiced a similar question where the root device only synced to one downstream device. I wonder if that's the case here too.
upvoted 0 times
...
Lorrine
4 months ago
I think the root FortiGate should sync its objects to the downstream devices, but I can't recall if it goes both ways.
upvoted 0 times
...
Pamella
5 months ago
I remember something about how fabric objects sync in a hierarchy, but I'm not sure if FGT_2 can sync to both FGT_1 and FGT_3.
upvoted 0 times
...
Yuki
5 months ago
Hmm, I'm a bit confused about the default settings for FGT_1 and FGT_3. I'll need to double-check the information provided to determine the correct answer.
upvoted 0 times
...
Jutta
5 months ago
The key here is to identify which FortiGate is the root device and how the synchronization should work based on the configuration of FGT_2. I'm feeling confident I can solve this.
upvoted 0 times
...
Camellia
5 months ago
Okay, let me take a closer look at the exhibit and the FortiGate configuration. I think I have a good understanding of how the fabric-objects should be synchronized.
upvoted 0 times
...
Lauran
5 months ago
This question seems straightforward, but I want to make sure I understand the configuration details before selecting an answer.
upvoted 0 times
...
Allene
5 months ago
I've reviewed the details carefully, and I believe I have a solid strategy for answering this question. I'm ready to select the best option.
upvoted 0 times
...
Scarlet
5 months ago
Okay, I'm pretty confident this is asking about the business architecture phase. That's where you model the high-level business elements like capabilities and value streams.
upvoted 0 times
...
Merlyn
5 months ago
I'm not entirely sure if the statement is true or false. I mean, can you create an app without the Scaffold?
upvoted 0 times
...
Franchesca
5 months ago
Okay, I think I've got this. The key is to remember that iRule events are tied to specific points in the client-server communication, not just any point.
upvoted 0 times
...
Becky
5 months ago
I'm leaning towards optimized services as a possible answer, but it's tough to decide without more context.
upvoted 0 times
...
Frederica
9 months ago
Wait, the root FortiGate is like the king of the forest, but it only talks to one of its subjects? This exam is really testing my networking knowledge... and my sense of humor.
upvoted 0 times
Josephine
8 months ago
C) Objects from the root FortiGate will not be synchronized to any downstream FortiGate.
upvoted 0 times
...
Lasandra
8 months ago
B) Objects from the root FortiGate will only be synchronized to FGT__2.
upvoted 0 times
...
Chery
9 months ago
A) Objects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate.
upvoted 0 times
...
...
Caprice
9 months ago
This is like a security version of 'If a tree falls in a forest and no one is around to hear it, does it make a sound?' The root FortiGate might as well be a tree falling if it doesn't sync to anything.
upvoted 0 times
...
Rebecka
9 months ago
Ah, I see what they're getting at. The root FortiGate only syncs to the one with the custom config. Makes sense, I guess. *shrugs*
upvoted 0 times
Iola
8 months ago
It's all about the synchronization of fabric-objects in the security fabric deployment.
upvoted 0 times
...
Jaleesa
8 months ago
Exactly, FGT_1 and FGT_3 will not receive synchronized objects from the root FortiGate.
upvoted 0 times
...
Cristal
8 months ago
So, objects from the root FortiGate will only be synchronized to FGT_2.
upvoted 0 times
...
Leota
8 months ago
Yeah, that's right. The root FortiGate only syncs with the one that has the custom config.
upvoted 0 times
...
...
Dean
10 months ago
Hmm, I'm confused. If FGT_2 is the only one with a custom config, shouldn't the objects from the root FortiGate sync to that one? This question is tricky.
upvoted 0 times
Chau
8 months ago
Tiffiny: Oh, that makes sense. Thanks for clarifying!
upvoted 0 times
...
Tiffiny
9 months ago
User 2: No, I believe objects from the root FortiGate will only be synchronized to FGT_3.
upvoted 0 times
...
Adelle
9 months ago
User 1: I think objects from the root FortiGate will only be synchronized to FGT_2.
upvoted 0 times
...
...
Annamae
10 months ago
Wait, so the root FortiGate doesn't sync to the downstream devices? That seems like a security nightmare. I better double-check the documentation on this one.
upvoted 0 times
Stanton
9 months ago
Let's verify the synchronization process to avoid any vulnerabilities in our network.
upvoted 0 times
...
Deandrea
9 months ago
It's important to ensure that all devices in the security fabric are properly synchronized.
upvoted 0 times
...
Olen
10 months ago
I think we should definitely review the documentation to make sure we have the correct understanding.
upvoted 0 times
...
Malcom
10 months ago
I agree, that does sound like a potential security risk.
upvoted 0 times
...
...
Margret
10 months ago
But if FGT_2 is the root FortiGate, then objects should sync to FGT_3, right?
upvoted 0 times
...
Tyra
10 months ago
I disagree, I believe the correct answer is D.
upvoted 0 times
...
Margret
11 months ago
I think the answer is A.
upvoted 0 times
...

Save Cancel