Exam NSE8_812 Topic 1 Question 9 Discussion
Actual exam question for Fortinet's NSE8_812 exam
Question #: 9
Topic #: 1
Question #: 9
Topic #: 1
An administrator has configured a FortiGate device to authenticate SSL VPN users using digital certificates. A FortiAuthenticator is the certificate authority (CA) and the Online Certificate Status Protocol (OCSP) server.
Part of the FortiGate configuration is shown below:

Based on this configuration, which two statements are true? (Choose two.)
Part of the FortiGate configuration is shown below:

Based on this configuration, which two statements are true? (Choose two.)
Suggested Answer: A,D Vote an answer
A is correct because the OCSP server is configured as the FortiAuthenticator in the config vpn certificate ocsp-server section. D is correct because the config vpn ssl settings section has set ocsp-option to allow. This means that if the OCSP server is unreachable, authentication will succeed if the certificate matches the CA. Reference: https://docs.fortinet.com/document/fortigate/7.0.1/administration-guide/490351/ssl-vpn-authentication https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/266506/ssl-vpn-with-certificate-authentication
by Suzanne at Apr 29, 2024, 09:35 PM
Contact Us
If you have any question please leave me your email address, we will reply and send email to you in 12 hours.
Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday
Support: Contact now
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).