NSE 7 – Zero Trust Access 7.2 — Question 28

Which two statements are true regarding certificate-based authentication for ZTNA deployment? (Choose two.)

Answer options

• A. FortiGate signs the client certificate submitted by FortiClient.
• B. The default action for empty certificates is block.
• C. Certificate actions can be configured only on the FortiGate CLI.
• D. Client certificate configuration is a mandatory component for ZTNA.

Correct answer: B, D

Explanation

The correct answers are B and D because the default action for empty certificates is indeed to block access, ensuring security. Additionally, client certificate configuration is a required part of ZTNA to establish trust. Options A and C are incorrect as they misrepresent the actions taken by FortiGate regarding certificate handling.