ExamGecko
Search Search Login
Home Home / Fortinet / NSE4_FGT-7.2
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
Which two statements are correct about SLA targets? (Choose two.)
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

Question 140 - NSE4_FGT-7.2 discussion

Report
Export

Refer to the exhibits.

Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic. Exhibit B shows the HA configuration and the partial output of the get system ha status command.

Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.)

A.
For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source.
Answers
A.
For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source.
B.
The traffic sourced from the client and destined to the server is sent to FGT-1.
Answers
B.
The traffic sourced from the client and destined to the server is sent to FGT-1.
C.
The cluster can load balance ICMP connections to the secondary.
Answers
C.
The cluster can load balance ICMP connections to the secondary.
D.
For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary.
Answers
D.
For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary.
Suggested answer: A, D

Explanation:

FortiGate Infrastructure 7.2 Study Guide (p.317 & p.320): 'To forward traffic correctly, a FortiGate HA solution uses virtual MAC addresses.' 'The primary forwards the SYN packet to the selected secondary. (...) This is also known as MAC address rewrite. In addition, the primary encapsulates the packet in an Ethernet frame type 0x8891. The encapsulation is done only for the first packet of a load balanced session. The encapsulated packet includes the original packet plus session information that the secondary requires to process the traffic.'

Show Answer
asked 18/09/2024
Jose Leston
41 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms