FCSS – Network Security Specialist 7.4 — Question 15
Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?
Answer options
- A. FortiGate uses the CN information from the Subject field in the server certificate.
- B. FortiGate uses the SNI from the user's web browser.
- C. FortiGate will establish a connection without SSL/TLS inspection.
- D. The web filter will automatically bypass SSL inspection for this connection.
Correct answer: A
Explanation
The correct answer is A: with the default settings, when the SNI matches neither the CN nor any SAN in the server certificate, FortiGate uses the CN from the certificate's Subject field. Option B is incorrect because the SNI sent by the browser does not take precedence over the certificate. Options C and D are also wrong because both describe bypassing SSL inspection, which does not occur in this scenario.