Exam FCP_FGT_AD-7.4 Topic 3 Question 75 Discussion

Actual exam question for Fortinet's FCP_FGT_AD-7.4 exam
Question #: 75
Topic #: 3
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)

Suggested Answer: A,B Vote an answer

Full SSL inspection - Certificate requirements:
FortiGate is acting as a proxy web server. In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension set to keyCertSign.
The CA=True value identifies the certificate as a CA certificate. The KryUsage =KeyCertSign value indicates that the certificate corresponding private key is permitted to sign certificates. see RFC 5280 section 4.2.1.9 basic Constraints.
Although it appears as though the user browser is connected to the web server, the browser is connected to FortiGate. FortiGate is acting as a proxy web server. In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension set to keyCertSign.

by Yedda at Jan 23, 2025, 07:51 AM

Limited Time Offer

15%

Off

Get Premium FCP_FGT_AD-7.4 Questions as Interactive Self Test Engine or PDF

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
0
0
0
10