View all questions & answers for the NSE 6 - FortiClient EMS 7.4 Administrator Exam Materials exam


Question 45 Discussion

Which security attribute is verified during the SSL connection negotiation between FortiClient and FortiClient EMS to mitigate man-in-the-middle (MITM) attacks? (Choose one answer)

  • A. serial number (SN)
  • B. common name (CN)
  • C. location (L)
  • D. organization (O)
Correct Answer: A

Brave-Dump Clients Votes

A 75%
B 25%

Comments



Anonymous99 2025-08-13 16:17:54

Selected Answers: A


A is correct

mahmoud mostafa 2025-12-06 15:37:54

Selected Answers: B


In ssl handshake verification, the client verify server cert for cn,san,validation,revocation
and SN is not a must attribute
serial NO. just to ensure that , there is not 2 certs issued by same ca has the same identifier
  • Xavier E. Diaz 2025-12-08 00:27:16
    Here Gemini explanation of why option A ( serial number) is INCORRECT "Mitigation of MITM Attacks: To prevent a MITM attack, the client must confirm that the domain/hostname it intended to connect to is the one listed on the server's certificate. This domain check is performed against the Common Name (CN) or the Subject Alternative Name (SAN) field of the certificate. An attacker can create a certificate with a unique SN, but they cannot impersonate the legitimate EMS server unless they also possess a certificate trusted by FortiClient that contains the correct EMS hostname in the CN/SAN fields." I think the answer is B "CN"
  • mahmoud mostafa 2025-12-08 14:44:03
    this Really confusing for the ssl concept ,,, the answer is B but in fctems-fcp-study guide pg 221 "FortiClient automatically installs certificates into the certificate store. The certificate information in the store, such as certificate UID and SN, should match the information on FortiClient EMS and FortiGate. To locate certificates on operating systems, consult the vendor documentation. You can use the CLI command diagnose endpoint ec-shm list a to verify the presence of matching endpoint record, and information such as the client UID, client certificate SN, and EMS certificate SN on the FortiGate. If any of the information is missing or incomplete, client certificate authentication might fail because FortiClient cannot locate the corresponding endpoint entry. "

mahmoud mostafa 2025-12-08 14:45:51

Selected Answers: A


As We commented later
and as per FCTEMS-FCP pg 221
its <<<<<<<<A>>>>>>>

skouba 2026-02-11 01:03:44

Selected Answers: A


Study guide page 223