
Question 184 - NSE4_FGT-7.2 discussion


Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

A. The server name indication (SNI) extension in the client hello message
B. The subject alternative name (SAN) field in the server certificate
C. The host field in the HTTP header
D. The serial number in the server certificate
E. The subject field in the server certificate
Suggested answer: A, B, E

Explanation:

A) The server name indication (SNI) extension in the client hello message. This is correct. FortiGate uses this information to identify the hostname of the SSL server when SSL certificate inspection is enabled. The SNI extension is a feature of the TLS protocol that allows a client to indicate the hostname of the server it wants to connect to during the TLS handshake. This helps the server present the appropriate certificate for the requested hostname, especially when the server hosts multiple domains on the same IP address [1]. FortiGate can use the SNI extension in the client hello message to identify the hostname of the SSL server and verify it against the server certificate [2].

B) The subject alternative name (SAN) field in the server certificate. This is correct. FortiGate uses this information to identify the hostname of the SSL server when SSL certificate inspection is enabled. The SAN field is an extension of the X.509 certificate standard that allows a certificate to specify multiple hostnames or IP addresses that are valid for the certificate. This lets one certificate cover multiple domains or subdomains on the same server, or multiple servers with different IP addresses [3]. FortiGate can use the SAN field in the server certificate to identify the hostname of the SSL server and verify it against the client request [2].

E) The subject field in the server certificate. This is correct. FortiGate uses this information to identify the hostname of the SSL server when SSL certificate inspection is enabled. The subject field is a part of the X.509 certificate standard that contains information about the identity of the entity that owns the certificate, such as common name, organization, country, and so on. The common name usually specifies the hostname or domain name of the server that owns the certificate [4]. FortiGate can use the subject field in the server certificate to identify the hostname of the SSL server and verify it against the client request [2].

asked 18/09/2024
Darren Sloan
41 questions