Fortinet
NSE8_812 · Question #166
NSE8_812 Question #166: Real Exam Question with Answer & Explanation
Sign in or unlock NSE8_812 to reveal the answer and full explanation for question #166. The question stem and answer options stay visible for context.
Question
An administrator has configured a FortiGate device to authenticate SSL VPN users using digital certificates. A FortiAuthenticator is the certificate authority (CA) and the Online Certificate Status Protocol (OCSP) server.
Part of the FortiGate configuration is shown below:
config vpn certificate setting
set ocsp-status enable
set ocsp-default-server "FortiAuthenticator"
set ocsp-option certificate
set strict-ocsp-check enable
end
config user peer
edit _any
set ca CA_Cert
set ldap-server Training-Lab
set ldap-mode principal-name
next
end
config user group
edit "SSLVPN Users"
set member _any"
next
end
Based on this configuration, which statement is true?
Options
- AIf the OCSP response is CertStatus unknown, authentication will succeed if the certificate matches the CA.
- BOCSP checks will always go to the configured FortiAuthenticator.
- CIf the OCSP server is unreachable, authentication will succeed if the certificate matches the CA.
- DThe OCSP check of the certificate can be combined with a certificate revocation list.
Unlock NSE8_812 to see the answer
You've previewed enough free NSE8_812 questions. Unlock NSE8_812 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.