Exam nse7_led-70 All QuestionsBrowse all questions from this exam
Go to Exam
Question 35

Refer to the exhibit showing certificate values.

Wireless guest users are unable to authenticate because they are getting a certificate error while loading the captive portal login page. This URL string is the HTTPS POST URL guest wireless users see when attempting to access the network using the web browser: https://fac.trainingad.training.com/guests/login/? login&post=https://auth.trainingad.training.lab:1003/fgtauth&magic=000a038293d1f411&usermac=b8:27:eb:d8:50:02&apmac=70:4c:a5:9d:0d:28&apip=10.10.100.2&userip=10.0.3.1&ssid=Guest03&apname=PS221ETF18000148&bssid=70:4c:a5:9d:0d:30

Which two settings are the likely causes of the issue? (Choose two.)

    Correct Answer: A, C

    The issue is likely caused by the external server FQDN being incorrect and the FortiGate authentication interface address using HTTPS. The external server FQDN must match the certificate's common name, which it currently doesn't, causing a mismatch error. Additionally, if the FortiGate authentication interface address is using HTTPS, the certificate must be valid and properly signed by a known issuer, which is not the case here, leading to authentication issues.

Discussion
ArtbrutOptions: AB

Another hint is p 69 study guide which indicates B could be right

Artbrut

Page 369 study guide

BBell29128

The notation of this being guest would make me automatically assume they don't have the internal CA root and/or intermediate certs in their trusted cert stores.

ArtbrutOptions: AC

Okay, have to revert, p 473 is not relevant. A is right because the first part of URL (external captive portal address) is not the same in the certificate B is wrong as a CA certificate would not help, the domains are completely different. C could be right because the captive portal is doing https D is wrong, because the captive portal needs a dns entry, not the user address

ArtbrutOptions: AB

Would assume A and B as per study guide p. 473