NSE 6 – Network Security Specialist — Question 2

Which behavior does not exist for certificate revocation lists (CRLs) on FortiAuthenticator?

Answer options

• A. All local CAs share the same CRLs
• B. CRLs can be exported
• C. Revoked certificates are automatically placed on the CRL
• D. SCEP can be used to distribute CRLs

Correct answer: C

Explanation

The correct answer is C because revoked certificates are not automatically added to the CRL; they must be manually managed. Option A is incorrect as local CAs can indeed share CRLs. Options B and D are also correct, as CRLs can be exported and SCEP can facilitate their distribution.