nse7_led-70 Exam - Question 35

Question

Refer to the exhibit showing certificate values.

Wireless guest users are unable to authenticate because they are getting a certificate error while loading the captive portal login page. This URL string is the HTTPS POST URL guest wireless users see when attempting to access the network using the web browser: https://fac.trainingad.training.com/guests/login/? login&post=https://auth.trainingad.training.lab:1003/fgtauth&magic=000a038293d1f411&usermac=b8:27:eb:d8:50:02&apmac=70:4c:a5:9d:0d:28&apip=10.10.100.2&userip=10.0.3.1&ssid=Guest03&apname=PS221ETF18000148&bssid=70:4c:a5:9d:0d:30

Which two settings are the likely causes of the issue? (Choose two.)

Examice · Accepted Answer

The issue is likely caused by the external server FQDN being incorrect and the FortiGate authentication interface address using HTTPS. The external server FQDN must match the certificate's common name, which it currently doesn't, causing a mismatch error. Additionally, if the FortiGate authentication interface address is using HTTPS, the certificate must be valid and properly signed by a known issuer, which is not the case here, leading to authentication issues.

Artbrut · Answer

Would assume A and B as per study guide p. 473

Artbrut · Answer

Okay, have to revert, p 473 is not relevant.
A is right because the first part of URL (external captive portal address) is not the same in the certificate
B is wrong as a CA certificate would not help, the domains are completely different.
C could be right because the captive portal is doing https
D is wrong, because the captive portal needs a dns entry, not the user address

Artbrut · Answer

Another hint is p 69 study guide which indicates B could be right

nse7_led-70 Exam - Question 35

Discussion