Fortinet Exam NSE7_LED-7.0 Topic 1 Question 16 Discussion

Actual exam question for Fortinet's NSE7_LED-7.0 exam

Question #: 16
Topic #: 1

[All NSE7_LED-7.0 Questions]

Which two statements about the use of digital certificates are true? (Choose two.)

AA chain of trust may include one or more intermediate CAs.

BIn a chain of trust, the root CA is signed by another certificate.

CTo validate the signature on a certificate, an endpoint does not need to know the CA of that certificate.

DAn intermediate CA can sign other certificates.

Show Suggested Answer

Suggested Answer: A, B

According to the exhibit, the wireless guest users are getting a certificate error while loading the captive portal login page. This means that the browser cannot verify the identity of the server that is hosting the login page. Therefore, option A is true because the external server FQDN is incorrect, which means that it does not match the common name or subject alternative name of the server certificate. Option B is also true because the wireless user's browser is missing a CA certificate, which means that it does not have the root or intermediate certificate that issued the server certificate. Option C is false because the FortiGate authentication interface address is using HTTPS, which is a secure protocol that encrypts the communication between the browser and the server. Option D is false because the user address is not in DDNS form, which is not related to the certificate error.

by Frederica at Apr 12, 2024, 07:15 PM

Limited Time Offer

25%

23 days ago

I think A and D are true.

upvoted 0 times

...