QUESTION: 1

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?

FortiGate uses the SNI from the user's web browser.
FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
FortiGate uses the first entry listed in the SAN field in the server certificate.
FortiGate uses the ZN information from the Subject field in the server certificate.

Answer(s): C

Reveal Solution Next Question

QUESTION: 2

Exhibit.

Refer to the exhibit, which contains partial output from an IKE real-time debug.
Which two statements about this debug output are correct? (Choose two.)

Perfect Forward Secrecy (PFS) is enabled in the configuration.
The local gateway IP address is 10.0.0.1.
It shows a phase 2 negotiation.
The initiator provided remote as its IPsec peer I

Answer(s): C,D

Reveal Solution Next Question

QUESTION: 3

Exhibit.

Refer to the exhibit, which shows the output of a diagnose command.
What can you conclude about the debug output in this scenario?

The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers, was 121.111.236.179.
There is a natural correlation between the value in the FortiGuard-requests field and the value in the Weight field.
FortiGate used 64.26.151.37 as the initial server to validate its contract.
Servers with a negative TZ value are less preferred for rating requests.

Answer(s): B

Reveal Solution Next Question