Refer to the exhibit, which shows the packet capture output of a three-way handshake between FortiGate and FortiManager Cloud. What two conclusions can you draw from the exhibit? (Choose two.)
A.
FortiGate will receive a certificate that supports multiple domains because FortiManager operates in a cloud computing environment.
B.
FortiGate is connecting to the same IP server and will receive an independent certificate for its connection between FortiGate and FortiManager Cloud.
C.
If the TLS handshake contains 17 cipher suites it means the TLS version must be 1.0 on this three-way handshake.
D.
The wildcard for the domain *.fortinet-ca2.support.fortinet.com must be supported by FortiManager Cloud.
Hello
B&D are correct for me.
B is correct : Study guide page 164-165. "SNI allows servers to host multiple certificates on a single ip address, enabling various secure (HTTPS) websites or services to use that address without sharing a common certificate"
D is incorrect as it stands. It specify "*.fortinet-ca2.support.fortinet.com" but in capture, we saw "9398.support.fortinet-ca2.fortinet.com". So, it should be "*.support.fortinet-ca2.fortinet.com" and not "*.fortinet-ca2.support.fortinet.com". I guess it's a bad transcription.
On EFW Admin 7.4 Study Guide, p. 164, it indicates that when SNI is used, the certificate is for the same IP server using different certificates for different domains hosted on the same server. Server Name Indication is highlighted here, So B is the better answer, along with D.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Tweefo
Highly Voted 8 months agoyo86
Most Recent 1 day, 9 hours agoSCCUser
1 month, 3 weeks agothemageofsec
6 months, 3 weeks agotheklee
6 months, 3 weeks agoYaghu
8 months agothemageofsec
6 months, 3 weeks ago