nse7_zta-72 Exam - Question 8


Refer to the exhibits.

Which statement is true about the configuration shown in the exhibit?

Correct Answer: A

The domain that FortiClient is connecting to should match the domain to which the certificate is issued. This is a standard practice in SSL/TLS connections to ensure the authenticity and integrity of the connection. The FortiClient validates certificates by checking if the Fully Qualified Domain Name (FQDN) or domain matches the domain on the certificate. This helps prevent man-in-the-middle attacks by ensuring that the client is communicating with the intended server.

Discussion

lil_pc1972 | Option: A
Mar 25, 2024

FortiClient validates certificates using the following industry standards:
• The domain or FQDN that FortiClient is connecting to matches the domain to which the certificate is issued.
• The validation process correctly handles wildcards in the domain name in the certificate.
• The validation process considers both the CN in the subject or the SAN.
• The certificate expiry date is in the future. The certificate has not expired.
• The certificate issuer or the root certificate in the certificate chain is from a publicly trusted CA. Trusted CAs are read from the operating system.

Disposable_Me_2018 | Option: D
Jun 14, 2024

Zero Trust Access 7.2 Study Guide page 110: "FortiClient EMS has a default_ZTNARootCA certificate generated by default that the ZTNA CA uses to sign CSRs from the FortiClient endpoints." Answer "D"