Exam NSE7_ZTA-7.2 topic 1 question 8 discussion

FortiClient validates certificates using the following industry standards: • The domain or FQDN that FortiClient is connecting to matches the domain to which the certificate is issued. • The validation process correctly handles wildcards in the domain name in the certificate. • The validation process considers both the CN in the subject or the SAN. • The certificate expiry date is in the future. The certificate has not expired. • The certificate issuer or the root certificate in the certificate chain is from a publicly trusted CA. Trusted CAs are read from the operating system.

A is correct. Domain or fully qualified domain name (FQDN) that FortiClient is connecting to matches the domain to which the certificate is issued.

A is correct. Study Guide page 145: Forticlient validates certificates using the following industry standards: * The domain or FQDN that FortiClient is connecting to matches the domaing to which the certificate is issued. (Also, chech image from page 144). B is wrong. Page 145: If the EMS server certificate is invalid, actions can be configured in Endpoint Profile > System Settings. C is worng. Page 144: The connection from FortiClient to FortiClient EMS uses TCP and TLS 1.3 D is wrong. Page 53 Study Guide: FortiClient EMS has a default_ZTNARootCA certificate generated by default that the ZTNA CA uses to sign CSRs from the FortiClient endpoints. Client certificate information is synchronized with Fortigate and is used for client identity verification.

Zero Trust Access 7.2 Study Guide page 110: "FortiClient EMS has a default_ZTNARootCA certificate generated by default that the ZTNA CA uses to sign CSRs from the FortiClient endpoints." Answer "D"