Which two statements are true regarding certificate-based authentication for ZTNA deployment? (Choose two.)
Which two statements are true regarding certificate-based authentication for ZTNA deployment? (Choose two.)
For a ZTNA deployment, the default action for empty certificates is to block, and this setting can be adjusted using the FortiGate CLI. This indicates that certainly, the certificate-related actions can be managed through the CLI, confirming option C. Therefore, options B and C are correct.
By default client certificate authentication is enabled on the access proxy and it block the traffic if the client certificate is empty, You can change the action using the CLI, if required. Study Page 118 i think its BC
Zero Trust Access 7.2 Study Guide p118 "By default, client certificate authentication is enabled on the access proxy policy and it blocks the traffic if the client certificate is empty. You can change the action using the CLI, if required." B is correct D is correct A is wrong I think C is wrong due to the wording implying that all certificate actions can only be configured on the GUI.
Correction. I meant "... on the CLI"
By default client certificate authentication is enabled on the access proxy and it block the traffic if the client certificate is empty
Study guide page 118: By default client certificate authentication is enabled on the access proxy and it block the traffic if the client certificate is empty. You can change the action using the CLI, if required. Could be both BC, BD and CD...