ExamGecko

Question 17 - NSE7_ZTA-7.2 discussion


An administrator wants to prevent direct host-to-host communication at layer 2 and use only FortiGate to inspect all the VLAN traffic. What three things must the administrator configure on FortiGate to allow traffic between the hosts? (Choose three.)

A. Configure proxy ARP to allow traffic
B. Block intra-VLAN traffic in the VLAN interface settings
C. Add the VLAN interface to a software switch
D. Configure static routes to allow subnets
E. Configure a firewall policy to allow the desired traffic between hosts

Suggested answer: B, D, E

Explanation:

To prevent direct host-to-host communication at layer 2 and use only FortiGate to inspect all the VLAN traffic, an administrator must configure:

B) Block intra-VLAN traffic in the VLAN interface settings: This setting prevents direct communication between hosts within the same VLAN, forcing traffic to be routed through FortiGate for inspection.

D) Configure static routes to allow subnets: By setting up static routes, the administrator ensures that traffic between different subnets is correctly routed through the FortiGate for inspection and policy enforcement.

E) Configure a firewall policy to allow the desired traffic between hosts: Firewall policies on the FortiGate will dictate what traffic is permitted between hosts, ensuring that only authorized traffic is allowed.

The other options are not typically required for this setup:

A) Configure proxy ARP to allow traffic: Proxy ARP is not necessary for this scenario as it involves answering ARP requests on behalf of another host, which is not relevant to blocking intra-VLAN traffic.

C) Add the VLAN interface to a software switch: This would create a switch-like environment on the FortiGate, which is counterproductive to the goal of preventing direct host-to-host communication at layer 2.

FortiGate VLAN Configuration Guide.

Blocking Intra-VLAN Communication in FortiGate.

asked 18/09/2024
Jesus De Leon Luis