Fortinet Exam NSE7_NST-7.2 Topic 3 Question 7 Discussion

Actual exam question for Fortinet's NSE7_NST-7.2 exam
Question #: 7
Topic #: 3

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate. Which action will FortiGate take when using the default settings for SSL certificate inspection?

Suggested Answer: A

SNI and Certificate Mismatch: When the Server Name Indication (SNI) does not match either the Common Name (CN) or any of the Subject Alternative Names (SAN) in the server certificate, FortiGate's default behavior is to treat this as an invalid SSL/TLS configuration.

Default Action: FortiGate, under default settings for SSL certificate inspection, will close the connection to prevent potential security risks associated with mismatched certificates.


Fortinet Community: SSL Certificate Inspection Configuration and Behavior.

Contribute your Thoughts:

Otis
11 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration. Yep, that's the only way to go. Can't have any funny business going on with SSL/TLS, or else the whole internet might just collapse!
upvoted 0 times
...
Shawnda
11 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate. Sounds reasonable, but I hope the first one is the right one, or else it's gonna be a wild ride!
upvoted 0 times
Evan
10 months ago
If not, it could definitely make things interesting!
upvoted 0 times
...
Heike
10 months ago
Yeah, that does sound reasonable. Let's hope it's the right one!
upvoted 0 times
...
Mary
10 months ago
I think FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Jose
10 months ago
B) FortiGate uses the information from the Subject field in the server certificate.
upvoted 0 times
...
Romana
10 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Kathrine
10 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
...
Wilda
11 months ago
B) FortiGate uses the 31 information from the Subject field in the server certificate. Wait, what? 31? I think someone's been drinking a bit too much coffee...
upvoted 0 times
Dustin
10 months ago
D) FortiGate uses the SNI from the user's web browser.
upvoted 0 times
...
Marge
10 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Twana
10 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Helene
11 months ago
B) FortiGate uses the 31 information from the Subject field in the server certificate.
upvoted 0 times
...
Mirta
11 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
Oren
11 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
...
Erasmo
11 months ago
I'm not sure, but I think B) FortiGate uses the information from the Subject field in the server certificate.
upvoted 0 times
...
Stevie
12 months ago
I disagree, I believe the answer is C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Jesus
12 months ago
I think the answer is A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
upvoted 0 times
...
Shasta
1 year ago
D) FortiGate uses the SNI from the user's web browser. Duh, that's the whole point of SNI, to indicate the right server to connect to.
upvoted 0 times
...
Lindsey
1 year ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration. That's a no-brainer, you can't just ignore a mismatch like that!
upvoted 0 times
Luisa
12 months ago
FortiGate needs to prioritize security over convenience in these cases.
upvoted 0 times
...
Pansy
12 months ago
That's true, it's a security risk to ignore mismatches like that.
upvoted 0 times
...
Cyril
12 months ago
FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
upvoted 0 times
...
...
