NSE 7 – Network Security Architect — Question 12

When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI)?

Answer options

• A. FortiGate uses the Issued To: field in the server's certificate.
• B. FortiGate switches to the full SSL inspection method to decrypt the data.
• C. FortiGate blocks the request without any further inspection.
• D. FortiGate uses the requested URL from the user's web browser.

Correct answer: D

Explanation

The correct answer is D because when SNI is not provided, FortiGate uses the requested URL to filter the traffic. Options A and B are incorrect as they describe actions that do not apply in the absence of SNI, while option C is incorrect because FortiGate does not automatically block requests without inspection.