Fortinet
NSE7_EFW-7.2 · Question #80
NSE7_EFW-7.2 Question #80: Real Exam Question with Answer & Explanation
Sign in or unlock NSE7_EFW-7.2 to reveal the answer and full explanation for question #80. The question stem and answer options stay visible for context.
Question
Refer to the exhibit, which shows an SSL certification inspection configuration. SSL certification inspection configuration While testing, the administrator updated the ssl-ssh-profile configuration with the command set sni-server-cert-check strict. The administrator found that the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate. With respect to the set sni-server-cert-check strict command, which action does FortiGate take?
Exhibit
Options
- AFortiGate uses the first entry listed in the SAN field in the server certificate.
- BFortiGate closes the connection because this represents an invalid SSL/TLS header.
- CFortiGate uses the CN information from the Subject field in the server certificate.
- DFortiGate uses the SNI from the user's web browser.
Unlock NSE7_EFW-7.2 to see the answer
You've previewed enough free NSE7_EFW-7.2 questions. Unlock NSE7_EFW-7.2 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.