Exam NSE4_FGT-6.2 topic 1 question 98 discussion

Actual exam question from Fortinet's NSE4_FGT-6.2

Question #: 98
Topic #: 1

Refer to the exhibit.

An employee connects to https://example.com using a web browser. The web server's certificate was signed by a private internal CA. The FortiGate that is inspecting this traffic is configured for full SSL inspection.
The exhibit shows the configuration settings for the SSL/SSH inspection profile that is applied to the policy that is invoked in this instance. All other settings are set to defaults. No certificates have been imported into FortiGate.
Which certificate is presented to the employee's web browser?

A. The web server's certificate
B. The user's personal certificate signed by a private internal CA
C. A certificate signed by Fortinet_CA_SSL
D. A certificate signed by Fortinet_CA_Untrusted

Show Suggested Answer

Suggested Answer: D 🗳️

by undergl at Feb. 13, 2021, 8:59 a.m.

Comments

Submit Cancel

pollyy

Highly Voted 4 years, 2 months ago

D is correct - FGT_Security-6.2, p. 334. - certificate for the example.com is self-signed, so FortiGate has to use its untrusted sertificate

upvoted 6 times

...

Jrr

Most Recent 4 years, 2 months ago

why not C ??

upvoted 1 times

brunojlm88

4 years ago

On this question we have the information "The web server's certificate was signed by a private internal CA" and in the end "no certificates were imported to Fortigate". It means that is not a Webserver that Fortigate trusts, so it will used the Untrusted Certificate to exchange data with client and apply full ssl inspection.

upvoted 3 times

...

undergl

4 years, 2 months ago

Why not C?

upvoted 1 times

mohamed1999

4 years, 2 months ago

because C says "certificate signed by Fortinet_CA_SSL" and that is not true it is a self signed cert ( signed by fortigate it self). That is why it is D.

upvoted 2 times

...

Exam NSE4_FGT-6.2 All Questions

View all questions & answers for the NSE4_FGT-6.2 exam