BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE7_NST-7.2 Topic 3 Question 7 Discussion

Actual exam question for Fortinet's NSE7_NST-7.2 exam
Question #: 7
Topic #: 3
[All NSE7_NST-7.2 Questions]

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate. Which action will FortiGate take when using the default settings for SSL certificate inspection?

Show Suggested Answer Hide Answer
Suggested Answer: A

SNI and Certificate Mismatch: When the Server Name Indication (SNI) does not match either the Common Name (CN) or any of the Subject Alternative Names (SAN) in the server certificate, FortiGate's default behavior is to consider this as an invalid SSL/TLS configuration.

Default Action: FortiGate, under default settings for SSL certificate inspection, will close the connection to prevent potential security risks associated with mismatched certificates.


Fortinet Community: SSL Certificate Inspection Configuration and Behavior (Welcome to the Fortinet Community!).

by Val at Jun 24, 2024, 02:16 PM

Limited Time Offer

25%

Off

Get Premium NSE7_NST-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Otis
4 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration. Yep, that's the only way to go. Can't have any funny business going on with SSL/TLS, or else the whole internet might just collapse!
upvoted 0 times
...
Shawnda
4 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate. Sounds reasonable, but I hope the first one is the right one, or else it's gonna be a wild ride!
upvoted 0 times
Evan
2 months ago
If not, it could definitely make things interesting!
upvoted 0 times
...
Heike
2 months ago
Yeah, that does sound reasonable. Let's hope it's the right one!
upvoted 0 times
...
Mary
3 months ago
I think FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Jose
3 months ago
B) FortiGate uses the information from the Subject field in the server certificate.
upvoted 0 times
...
Romana
3 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Kathrine
3 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
...
Wilda
4 months ago
B) FortiGate uses the 31 information from the Subject field in the server certificate. Wait, what? 31? I think someone's been drinking a bit too much coffee...
upvoted 0 times
Dustin
3 months ago
D) FortiGate uses the SNI from the user's web browser.
upvoted 0 times
...
Marge
3 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Twana
3 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Helene
3 months ago
B) FortiGate uses the 31 information from the Subject field in the server certificate.
upvoted 0 times
...
Mirta
3 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
Oren
4 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
...
Erasmo
4 months ago
I'm not sure, but I think B) FortiGate uses the information from the Subject field in the server certificate.
upvoted 0 times
...
Stevie
4 months ago
I disagree, I believe the answer is C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Jesus
4 months ago
I think the answer is A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
upvoted 0 times
...
Shasta
5 months ago
D) FortiGate uses the SNI from the user's web browser. Duh, that's the whole point of SNI, to indicate the right server to connect to.
upvoted 0 times
...
Lindsey
5 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration. That's a no-brainer, you can't just ignore a mismatch like that!
upvoted 0 times
Luisa
4 months ago
FortiGate needs to prioritize security over convenience in these cases.
upvoted 0 times
...
Pansy
4 months ago
That's true, it's a security risk to ignore mismatches like that.
upvoted 0 times
...
Cyril
4 months ago
FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
upvoted 0 times
...
...

Save Cancel