ExamGecko
Search Search Login
Home Home / Fortinet / NSE7_ZTA-7.2
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

With the increase in loT devices, which two challenges do enterprises face? (Choose two.)
Which statement is true about FortiClient EMS in a ZTNA deployment?
Exhibit. Which port group membership should you enable on FortiNAC to isolate rogue hosts'?
Which three methods can you use to trigger layer 2 polling on FortiNAC? (Choose three)
exhibit. User student is not able to log in to SSL VPN Given the output showing a real-time debug: which statement describes the login failure?
Exhibit. Which two statements are true about the hr endpoint? (Choose two.)
Exhibit. Which statement is true about the hr endpoint?
Exhibit. An administrator has to provide on-fabric clients with access to FortiAnalyzer using ZTNA tags Which two conditions must be met to achieve this task? (Choose two.)
Which statement is true regarding a FortiClient quarantine using FortiAnalyzer playbooks?
What are two functions of NGFW in a ZTA deployment? (Choose two.)

Question 21 - NSE7_ZTA-7.2 discussion

Report
Export

exhibit.

User student is not able to log in to SSL VPN

Given the output showing a real-time debug: which statement describes the login failure?

A.
Unable to verify chain of trust for the peer certificate
Answers
A.
Unable to verify chain of trust for the peer certificate
B.
CN does not match the user peer configuration
Answers
B.
CN does not match the user peer configuration
C.
student is not part of the usergroup SSL_VPN_Users.
Answers
C.
student is not part of the usergroup SSL_VPN_Users.
D.
Client certificate has expired
Answers
D.
Client certificate has expired
Suggested answer: C

Explanation:

Given the output showing a real-time debug, the statement that describes the login failure is:

C) student is not part of the usergroup SSL_VPN_Users: The debug log contains a line that says 'fnbam_cert_check_group_list-checking group with name 'SSL_VPN_Users'' followed by 'peer_check_add_peer_check_student' and later 'RDN_match-Checking 'CN' val 'STUDENT' -- no match.' This suggests that the certificate presented has a common name (CN) of 'student', which does not match or is not authorized under the 'SSL_VPN_Users' group expected for successful authentication.

Show Answer
asked 18/09/2024
Rocco Cristofaro
45 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms