NSE 6 – FortiAuthenticator 6.1 — Question 27

Which behaviors exist for certificate revocation lists (CRLs) on FortiAuthenticator? (Choose two.)

Answer options

• A. CRLs can be exported only through the SCEP server
• B. Revoked certificates are automatically placed on the CRL
• C. CRLs contain the serial number of the certificate that has been revoked
• D. All local CAs share the same CRLs

Correct answer: B, C

Explanation

Option B is correct because revoked certificates are indeed automatically added to the CRL to ensure they are recognized as invalid. Option C is also correct as CRLs include the serial numbers of revoked certificates for identification. Options A and D are incorrect; CRLs can be exported through other methods, and not all local CAs share the same CRLs, as each CA may maintain its own list.