NSE4_FGT_AD-7.6 Question #37: Real Exam Question with Answer & Explanation

The correct answer is C. FortiGate will close the connection if the SNI does not match the CN or SAN fields.

Question

Refer to the exhibit. What would be the impact of these settings on the Server certificate SNI check configuration on FortiGate?

Options

  • A. FortiGate will accept and use the CN in the server certificate for URL filtering if the SNI does not match the CN or SAN fields.
  • B. FortiGate will accept the connection with a warning if the SNI does not match the CN or SAN fields.
  • C. FortiGate will close the connection if the SNI does not match the CN or SAN fields.
  • D. FortiGate will close the connection if the SNI does not match the CN and SAN fields.

Explanation

SNI-server-cert-check:

  • Enable: Check the SNI in the client hello message against the CN or SAN fields in the returned server certificate. If mismatched, use the CN in the server certificate to do URL filtering.
  • Strict: Check the SNI in the client hello message against the CN or SAN fields in the returned server certificate. If mismatched, close the connection.
  • Disable: Do not check the SNI in the client hello message against the CN or SAN fields in the returned server certificate.
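The three modes written out as a decision function. This is an added example, not FortiOS code and not part of the original page. The names `ServerCert`, `name_matches` and `sni_check`, the sample certificate, and the wildcard rule (case-insensitive, one left-most label) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class ServerCert:
    cn: str
    sans: List[str] = field(default_factory=list)


def name_matches(sni: str, pattern: str) -> bool:
    """Case-insensitive compare; '*.x.y' covers exactly one left-most label (assumed rule)."""
    sni, pattern = sni.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = sni.partition(".")
        return bool(head) and rest == pattern[2:]
    return sni == pattern


def sni_check(mode: str, sni: str, cert: ServerCert) -> Tuple[str, Optional[str]]:
    """Return (action, hostname handed to URL filtering) for one TLS session."""
    if mode == "disable":
        # No comparison is made; assumed here that filtering keeps using the SNI.
        return ("allow", sni)
    if mode not in ("enable", "strict"):
        raise ValueError(f"unknown mode: {mode!r}")

    # "CN or SAN": a match on any one of the names is enough.
    matched = any(name_matches(sni, name) for name in [cert.cn, *cert.sans])
    if matched:
        return ("allow", sni)
    if mode == "strict":
        return ("close", None)      # mismatch: close the connection
    return ("allow", cert.cn)       # enable + mismatch: filter on the certificate CN


# Constructed sample certificate, not taken from the exhibit.
CERT = ServerCert(cn="www.example.com", sans=["example.com", "*.cdn.example.com"])

if __name__ == "__main__":
    for mode in ("enable", "strict", "disable"):
        for sni in ("example.com", "img.cdn.example.com", "other.test"):
            print(f"{mode:8} {sni:22} -> {sni_check(mode, sni, CERT)}")
```

In strict mode the SNI `example.com` is still allowed even though the CN is `www.example.com`, because a SAN entry matches; the connection is closed only when no CN or SAN name matches.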
