View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam


Question 52 Discussion

Refer to the exhibit, which shows the packet capture output of a three-way handshake between FortiGate and FortiManager Cloud. What two conclusions can you draw from the exhibit? (Choose two answers)

  • A. FortiGate is connecting to the same IP server and will receive an independent certificate for its connection between FortiGate and FortiManager Cloud.
  • B. If the TLS handshake contains 17 cipher suites it means the TLS version must be 1.0 on this three-way handshake.
  • C. FortiGate will receive a certificate that supports multiple domains because FortiManager operates in a cloud computing environment.
  • D. The wildcard for the domain *.fortinet-ca2.support.fortinet.com must be supported by FortiManager Cloud.
Correct Answer: C,D

Brave-Dump Clients Votes

D 50%
CD 50%

Comments



Mahmoud Mohammedali 2025-12-08 13:16:22

Selected Answers: D


When FortiGate connects to FortiManager Cloud, the TLS handshake involves validating certificates issued by Fortinet's CA. These certificates often use wildcard domains (e.g., *.fortinet-ca2.support.fortinet.com) to cover multiple subdomains in the cloud environment. This ensures secure communication without requiring individual certificates for each subdomain.


Adam 2026-01-20 02:35:09

Selected Answers: C, D


B is wrong because, while different TLS versions support different cipher suites, the number of cipher suites supported by the client is unrelated to the TLS version, and we have "Extension: supported_versions (len=9) TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0" in the packet capture, so the client supports all 4 TLS versions for negotiation with the server.

Packet capture shows "Server Name: 9398.support.fortinet-ca2.fortinet.com" in Client Hello.

FortiGate receiving a certificate means receiving the FortiManager Cloud server certificate, and it will check the requested SNI "Server Name: 9398.support.fortinet-ca2.fortinet.com" against the certificate subject CN / SAN DNS.

Both C and D options indicate FortiManager Cloud is using a wildcard certificate to be able to support multiple sub-domains.

As there are two required answers, A can't be right, as it contradicts C and D.
Answer is C and D provided that FortiManager Cloud is using a wildcard certificate.
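
An added example, not part of the original comments: a minimal ClientHello parser run over a constructed message, showing that the cipher-suite count, the SNI and the `supported_versions` extension are separate fields, so 17 cipher suites says nothing about the negotiated version. The sample bytes, the placeholder cipher-suite IDs and the function names are assumptions made up for this demonstration; only the SNI string, the count of 17 and the four offered versions come from the discussion above.

```python
import struct

TLS_VERSIONS = {0x0304: "TLS 1.3", 0x0303: "TLS 1.2", 0x0302: "TLS 1.1", 0x0301: "TLS 1.0"}

def _ext(ext_type, data):
    return struct.pack("!HH", ext_type, len(data)) + data

def build_sample_client_hello(sni, n_suites, versions):
    """Constructed ClientHello handshake message (no record header), demo input only."""
    host = sni.encode()
    names = b"\x00" + struct.pack("!H", len(host)) + host        # name_type 0 = host_name
    vers = b"".join(struct.pack("!H", v) for v in versions)
    exts = (_ext(0x0000, struct.pack("!H", len(names)) + names)  # server_name
            + _ext(0x002B, bytes([len(vers)]) + vers))           # supported_versions
    suites = b"".join(struct.pack("!H", 0x1301 + i) for i in range(n_suites))  # placeholder IDs
    body = (b"\x03\x03" + bytes(32) + b"\x00"                    # legacy_version, random, empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                        # one compression method (null)
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = client_hello

def parse_client_hello(msg):
    """Return cipher-suite count, SNI and offered versions from a ClientHello."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    pos = 4 + 2 + 32                                  # header, legacy_version, random
    pos += 1 + msg[pos]                               # session_id
    (suites_len,) = struct.unpack_from("!H", msg, pos)
    pos += 2 + suites_len
    pos += 1 + msg[pos]                               # compression methods
    (ext_total,) = struct.unpack_from("!H", msg, pos)
    pos, end = pos + 2, pos + 2 + ext_total
    info = {"cipher_suites": suites_len // 2, "sni": None,
            "versions": [], "supported_versions_len": None}
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", msg, pos)
        data = msg[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == 0x0000:                        # server_name: first entry only
            (name_len,) = struct.unpack_from("!H", data, 3)
            info["sni"] = data[5:5 + name_len].decode("ascii")
        elif ext_type == 0x002B:                      # supported_versions
            info["supported_versions_len"] = ext_len
            info["versions"] = [TLS_VERSIONS.get(v, hex(v))
                                for (v,) in struct.iter_unpack("!H", data[1:1 + data[0]])]
    return info

SAMPLE = build_sample_client_hello("9398.support.fortinet-ca2.fortinet.com", 17,
                                   [0x0304, 0x0303, 0x0302, 0x0301])
print(parse_client_hello(SAMPLE))
```

The extension length of 9 is one length byte plus four 2-byte version values, which is why a capture showing `len=9` lists exactly four versions.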