ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam FCSS_NST_SE-7.4 All Questions

View all questions & answers for the FCSS_NST_SE-7.4 exam
Go to Exam

Exam FCSS_NST_SE-7.4 topic 1 question 13 discussion

Actual exam question from Fortinet's FCSS_NST_SE-7.4
Question #: 13
Topic #: 1
[All FCSS_NST_SE-7.4 Questions]

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?

  • A. FortiGate uses the CN information from the Subject field in the server certificate.
  • B. FortiGate uses the SNI from the user's web browser.
  • C. FortiGate will establish a connection without SSL/TLS inspection.
  • D. The web filter will automatically bypass SSL inspection for this connection.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by IBB90704 at April 30, 2025, 1:21 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
payafs
2 months ago
Selected Answer: A
FortiGate 7.6 Administrator Study Guide 263
upvoted 2 times
...
IBB90704
2 months, 2 weeks ago
Selected Answer: A
When doing certificate-based inspection, by default, FortiGate validates the information in the SNI field of the client's request against the information in CN and SAN fields of the server's certificate. If the domain in the SNI field does not match any of the domains listed in the CN and SAN fields, FortiGate uses the domain in the CN field instead of the domain in the SNI field Pagina 238 Enterprise_Firewall_7.2_Study
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel