NSE 4 – FortiGate 7.0 — Question 39
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
Answer options
- A. The subject field in the server certificate
- B. The subject alternative name (SAN) field in the server certificate
- C. The serial number in the server certificate
- D. The server name indication (SNI) extension in the client hello message
- E. The host field in the HTTP header
Correct answer: A, B, D
Explanation
FortiGate utilizes the subject field, the subject alternative name (SAN) field, and the server name indication (SNI) extension to accurately identify the hostname of the SSL server. The serial number in the server certificate does not provide hostname information, and while the host field in the HTTP header is useful for identifying hosts, it is not used for SSL server identification during inspection.