ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE8_811 All Questions

View all questions & answers for the NSE8_811 exam
Go to Exam

Exam NSE8_811 topic 1 question 9 discussion

Actual exam question from Fortinet's NSE8_811
Question #: 9
Topic #: 1
[All NSE8_811 Questions]

Refer to the exhibit.

A FortiGate device is configured to authenticate SSL VPN users using digital certificates. A partial FortiGate configuration is shown in the exhibit.
Referring to the exhibit, which two statements about this configuration are true? (Choose two.)

  • A. The authentication will fail if the user certificate does not contain the user principal name (UPN) information.
  • B. The authentication will fail if the user certificate does not contain the CA_Cert string in the CA field.
  • C. The authentication will fail if the OCSP server is down.
  • D. OCSP is used to verify that the user-signed certificate has not expired.
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
by kinge2 at Aug. 21, 2022, 4:39 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
aioross
2 years, 10 months ago
Correct: AC
upvoted 1 times
...
kinge2
2 years, 12 months ago
D is wrong because OCSP validate if certificate was revoked or not https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-OCSP/ta-p/198293
upvoted 2 times
...
kinge2
2 years, 12 months ago
Selected Answer: AC
AC is correct as per the link https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/751987/ssl-vpn-with-ldap-integrated-certificate-authentication
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel