Fortinet
NSE8_812 Question #24: Real Exam Question with Answer & Explanation
Question
An administrator has configured a FortiGate device to authenticate SSL VPN users using digital certificates. A FortiAuthenticator is the certificate authority (CA) and the Online Certificate Status Protocol (OCSP) server. Part of the FortiGate configuration is shown below:
config vpn certificate setting
    set ocsp-status enable
    set ocsp-default-server "FortiAuthenticator"
    set ocsp-option certificate
    set strict-ocsp-check enable
end
config user peer
    edit _any
        set ca CA_Cert
        set ldap-server Training-Lab
        set ldap-mode principal-name
    next
end
config user group
    edit "SSLVPN_Users"
        set member "_any"
    next
end
Based on this configuration, which two statements are true? (Choose two.)
Options
- A. OCSP checks will always go to the configured FortiAuthenticator
- B. The OCSP check of the certificate can be combined with a certificate revocation list
- C. OCSP certificate responses are never cached by the FortiGate
- D. If the OCSP server is unreachable, authentication will succeed if the certificate matches the CA