Fortinet Exam NSE7_NST-7.2 Topic 3 Question 7 Discussion

Actual exam question for Fortinet's NSE7_NST-7.2 exam
Question #: 7
Topic #: 3

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate. Which action will FortiGate take when using the default settings for SSL certificate inspection?

Suggested Answer: A

SNI and Certificate Mismatch: When the Server Name Indication (SNI) does not match either the Common Name (CN) or any of the Subject Alternative Names (SAN) in the server certificate, FortiGate's default behavior is to consider this as an invalid SSL/TLS configuration.

Default Action: FortiGate, under default settings for SSL certificate inspection, will close the connection to prevent potential security risks associated with mismatched certificates.


Fortinet Community: SSL Certificate Inspection Configuration and Behavior.

Contribute your Thoughts:

Otis
5 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration. Yep, that's the only way to go. Can't have any funny business going on with SSL/TLS, or else the whole internet might just collapse!
upvoted 0 times
...
Shawnda
5 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate. Sounds reasonable, but I hope the first one is the right one, or else it's gonna be a wild ride!
upvoted 0 times
Evan
3 months ago
If not, it could definitely make things interesting!
upvoted 0 times
...
Heike
3 months ago
Yeah, that does sound reasonable. Let's hope it's the right one!
upvoted 0 times
...
Mary
4 months ago
I think FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Jose
4 months ago
B) FortiGate uses the information from the Subject field in the server certificate.
upvoted 0 times
...
Romana
4 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Kathrine
4 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
...
Wilda
5 months ago
B) FortiGate uses the 31 information from the Subject field in the server certificate. Wait, what? 31? I think someone's been drinking a bit too much coffee...
upvoted 0 times
Dustin
4 months ago
D) FortiGate uses the SNI from the user's web browser.
upvoted 0 times
...
Marge
4 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Twana
4 months ago
C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Helene
4 months ago
B) FortiGate uses the 31 information from the Subject field in the server certificate.
upvoted 0 times
...
Mirta
4 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
Oren
5 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration
upvoted 0 times
...
...
Erasmo
5 months ago
I'm not sure, but I think B) FortiGate uses the information from the Subject field in the server certificate.
upvoted 0 times
...
Stevie
5 months ago
I disagree, I believe the answer is C) FortiGate uses the first entry listed in the SAN field in the server certificate.
upvoted 0 times
...
Jesus
5 months ago
I think the answer is A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
upvoted 0 times
...
Shasta
6 months ago
D) FortiGate uses the SNI from the user's web browser. Duh, that's the whole point of SNI, to indicate the right server to connect to.
upvoted 0 times
...
Lindsey
6 months ago
A) FortiGate closes the connection because this represents an invalid SSL/TLS configuration. That's a no-brainer, you can't just ignore a mismatch like that!
upvoted 0 times
Luisa
5 months ago
FortiGate needs to prioritize security over convenience in these cases.
upvoted 0 times
...
Pansy
5 months ago
That's true, it's a security risk to ignore mismatches like that.
upvoted 0 times
...
Cyril
5 months ago
FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
upvoted 0 times
...
...
