nerdexam
Fortinet

FCSS_NST_SE-7.6 · Question #95

FCSS_NST_SE-7.6 Question #95: Real Exam Question with Answer & Explanation

The correct answer is B. The server hostname was extracted either from the common name (CN) in the server certificate. The hostname="training.fortinet.com" field only appears when FortiGate learns the HTTPS hostname via SNI (in the TLS Client Hello) or by parsing the server certificate's CN-it isn't gleaned from any HTTP headers over an encrypted tunnel.

Question

Refer to the exhibit, which displays the output of a real-time debug. Which statement accurately describes this output?

Exhibit

FCSS_NST_SE-7.6 question #95 exhibit

Options

  • AAccess to the requested website was allowed by web filter profile ftgd-allow.
  • BThe server hostname was extracted either from the common name (CN) in the server certificate
  • CThe URL requested was detected to belong to FortiGuard category ID 255.
  • DThe urlfilter debug detected a category mismatch.

Explanation

The hostname="training.fortinet.com" field only appears when FortiGate learns the HTTPS hostname via SNI (in the TLS Client Hello) or by parsing the server certificate's CN-it isn't gleaned from any HTTP headers over an encrypted tunnel.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full FCSS_NST_SE-7.6 Practice