# NSE7_NST-72 — Question 424

**Type:** multiple_choice
**Topics:** topic_1

## Question

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?

## Correct Answer

_See scenario._

## Explanation

Selected Answer: D
FortiGate, by default, evaluates the SNI (Server Name Indication) field in the SSL/TLS handshake for certificate inspection. The SNI is compared against rules in the web filter or policies to determine access permissions or actions. It does not prioritize the CN (Common Name) field from the certificate unless explicitly configured to do so. This aligns with standard behavior where the SNI is used for identifying the target host when dealing with HTTPS traffic
https://community.fortinet.com/t5/Support-Forum/website-access-problems/m-p/266814

**Reference:** examtopics_top_comment

---
Source: https://hiexam.net/q/fortinet/NSE7_NST-72/424  
Practice (tracked): https://hiexam.net/study/NSE7_NST-72/practice