Exam NSE7_EFW-7.2 topic 1 question 28 discussion

Actual exam question from Fortinet's NSE7_EFW-7.2
Question #: 28
Topic #: 1

Refer to the exhibit, which shows an SSL certification inspection configuration.

Which action does FortiGate take if the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?

  • A. FortiGate uses the first entry listed in the SAN field in the server certificate
  • B. FortiGate uses the CN information from the Subject field in the server certificate
  • C. FortiGate uses the SNI from the user's web browser.
  • D. FortiGate closes the connection because this represents an invalid SSL/TLS configuration

Suggested Answer: B

Comments

Totoahren
1 month, 1 week ago
Selected Answer: D
The set sni-server-cert-check enable command ensures that FortiGate validates the Server Name Indication (SNI) in the SSL/TLS handshake. If the SNI provided by the client does not match the Common Name (CN) or any of the Subject Alternative Names (SAN) in the server's certificate, FortiGate considers the SSL/TLS configuration invalid and terminates the connection. This is a security measure to prevent potential mismatches or man-in-the-middle attacks.
upvoted 2 times
jebusruns
3 months, 1 week ago
Selected Answer: B
On further inspection, strict, not enable, would close the connection; page 238 explains this. The question is phrased poorly and so are the answers. If the SNI does not match, then it uses the domain in the CN.
upvoted 1 times
jebusruns
3 months, 1 week ago
Selected Answer: D
The question asks what action when the SNI does not match the CN nor SAN of a certificate. The FortiGate should block it.
upvoted 2 times
charruco
8 months, 3 weeks ago
Selected Answer: B
B is correct. Study Guide p238.
upvoted 1 times
DaLoGo
9 months ago
D is correct. Read the question. CN does not match.
upvoted 2 times
truserud
10 months ago
Selected Answer: B
The correct answer is B, as detailed on page 238 in the Study Guide.
upvoted 2 times
Kop01
10 months, 1 week ago
Selected Answer: B
Answer B p238
upvoted 1 times
5deee77
10 months, 2 weeks ago
Selected Answer: B
study guide page 238
upvoted 1 times
33k_
10 months, 2 weeks ago
Selected Answer: B
If the domain in the SNI field does not match any of the domains listed in the CN and SAN fields, FortiGate uses the domain in the CN field instead of the domain in the SNI field.
upvoted 3 times
MikeSco001
10 months, 3 weeks ago
Selected Answer: B
Answer is B: Enterprise_Firewall_7.2_Study_Guide-Online.pdf / p 238
upvoted 2 times