NSE 4 – FortiGate 6.4 — Question 2
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
Answer options
- A. The subject field in the server certificate
- B. The serial number in the server certificate
- C. The server name indication (SNI) extension in the client hello message
- D. The subject alternative name (SAN) field in the server certificate
- E. The host field in the HTTP header
Correct answer: A, C, D
Explanation
The correct answers are A, C, and D because FortiGate uses the subject field, SNI, and SAN to identify the hostname. The serial number (B) is unique to the certificate but does not help identify the hostname, and the host field in the HTTP header (E) is not used for SSL inspection identification.