When FortiGate performs SSL/SSH full inspection, you can decide how it should react when it detects an invalid certificate. Which three actions are valid actions that FortiGate can perform when it detects an invalid certificate? (Choose three.)
Page 186
When a certificate fails for any of the reasons above, you can configure any of the following actions:
• Keep untrusted & Allow: FortiGate allows the website and lets the browser decide the action to take. FortiGate takes the certificate as untrusted.
• Block: FortiGate blocks the content of the site.
• Trust & Allow: FortiGate allows the website and takes the certificate as trusted.
I believe A is incorrect. Page 186 of the study guide does not contain the word "warning" anywhere on it.
I take "Warning" in this context to mean that FortiGate would supply a warning. That is not what happens. If you set it to "Keep untrusted and allow" then the BROWSER will generate the warning, NOT FortiGate.
BCE
• Keep Untrusted & Allow: Allow the server certificate and keep it untrusted.
• Block: Block the certificate.
• Trust & Allow: Allow the server certificate and re-sign it as trusted.
(page 1966 FortiOS Administrator Guide)
Options available:
Trust and Allow (FortiGate marks the certificate as trusted)
Keep untrusted and allow / allow (FortiGate allows the traffic and lets the browser decide)
Block (FortiGate blocks the connection)
With invalid certificates the options are Allow, Block or Custom. In custom, you can either select: Trust & Allow, Keep Untrusted and Allow, Block. So BCE is correct.
I'd go with BCE because on FortiGate it says "Keep untrusted & Allow", "Block", "Trust & Allow".
With "Keep untrusted & Allow", FortiGate allows it and does NOT display a warning but lets the browser decide. I'd associate the FortiGate setting "Keep untrusted & allow" with "Allow" from the question (Option C). Anything else doesn't make sense. Since there's no warning displayed in any allow situation, A doesn't make sense and since Block & Warning doesn't exist, it has to be B for this. The other two (Trust & Allow, Block) are the exact same words as written in the question, so it can only be B, C, E.
In the administration guide you can confirm that there are only the options to allow or block; after enabling deep inspection, the options to trust or not trust the certificate are added.
BCE is correct
FortiGate 7.4 Administrator page 186
"When a certificate fails for any of the reasons above, you can configure any of the following actions:
• Keep untrusted & Allow: FortiGate allows the website and lets the browser decide the action to take. FortiGate takes the certificate as untrusted.
• Block: FortiGate blocks the content of the site.
• Trust & Allow: FortiGate allows the website and takes the certificate as trusted."