BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE6_FAC-6.4 Topic 5 Question 33 Discussion

Actual exam question for Fortinet's NSE6_FAC-6.4 exam
Question #: 33
Topic #: 5
[All NSE6_FAC-6.4 Questions]

Which behaviors exist for certificate revocation lists (CRLs) on FortiAuthenticator? (Choose two)

Show Suggested Answer Hide Answer
Suggested Answer: A, B

CRLs are lists of certificates that have been revoked by the issuing CA and should not be trusted by any entity. CRLs contain the serial number of the certificate that has been revoked, the date and time of revocation, and the reason for revocation. Revoked certificates are automatically placed on the CRL by the CA and the CRL is updated periodically. CRLs can be exported through various methods, such as HTTP, LDAP, or SCEP. Each local CA has its own CRL that is specific to its issued certificates. Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372408/certificate-management/372413/certificate-revocation-lists


by Colton at Sep 14, 2024, 12:04 AM

Limited Time Offer

25%

Off

Get Premium NSE6_FAC-6.4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Tammara
1 months ago
I'm not sure about C and D, but A and B seem like the most logical choices for CRL behaviors.
upvoted 0 times
...
Izetta
2 months ago
I agree with Colby. A makes sense because CRLs should contain the serial number of revoked certificates.
upvoted 0 times
...
Mose
2 months ago
C is a bit misleading. CRLs can be exported through other means, not just the SCEP server.
upvoted 0 times
Alisha
13 days ago
C is a bit misleading. CRLs can be exported through other means, not just the SCEP server.
upvoted 0 times
...
Danica
14 days ago
D) All local CAs share the same CRLs
upvoted 0 times
...
Mattie
15 days ago
B) Revoked certificates are automatically placed on the CRL
upvoted 0 times
...
Lai
1 months ago
A) CRLs contain the serial number of the certificate that has been revoked
upvoted 0 times
...
...
Nickie
2 months ago
Haha, 'automaticlly' in option B - I bet the exam writers had a little chuckle over that one!
upvoted 0 times
Melvin
23 days ago
Haha, 'automaticlly' in option B - I bet the exam writers had a little chuckle over that one!
upvoted 0 times
...
Glen
26 days ago
B) Revoked certificates are automaticlly placed on the CRL
upvoted 0 times
...
Rachael
28 days ago
A) CRLs contain the serial number of the certificate that has been revoked
upvoted 0 times
...
...
Colby
2 months ago
I think A and B are the correct behaviors for CRLs on FortiAuthenticator.
upvoted 0 times
...
Leonora
2 months ago
D is definitely wrong - each local CA should have its own unique CRL, not a shared one.
upvoted 0 times
Norah
20 days ago
Yes, D is incorrect. Each local CA should have its own unique CRL.
upvoted 0 times
...
Tamar
21 days ago
D) All local CAs share the same CRLs
upvoted 0 times
...
Myra
22 days ago
B) Revoked certificates are automatically placed on the CRL
upvoted 0 times
...
Gretchen
24 days ago
A is correct, but what about B?
upvoted 0 times
...
Coral
1 months ago
C) CRLs can be exported only through the SCEP server
upvoted 0 times
...
Lavonne
1 months ago
B) Revoked certificates are automatically placed on the CRL
upvoted 0 times
...
Markus
2 months ago
A) CRLs contain the serial number of the certificate that has been revoked
upvoted 0 times
...
...
Nickolas
2 months ago
A and B seem like the correct options here. Revoking certificates and including them in the CRL is a standard practice.
upvoted 0 times
Patti
2 months ago
Yes, A) CRLs contain the serial number of the certificate that has been revoked and B) Revoked certificates are automatically placed on the CRL.
upvoted 0 times
...
Patti
2 months ago
I agree, A and B are the correct options for behaviors of CRLs on FortiAuthenticator.
upvoted 0 times
...
...

Save Cancel