Fortinet Exam NSE8_812 Topic 2 Question 31 Discussion

Actual exam question for Fortinet's NSE8_812 exam

Question #: 31
Topic #: 2

[All NSE8_812 Questions]

Refer to the CLI output:

Given the information shown in the output, which two statements are correct? (Choose two.)

AGeographical IP policies are enabled and evaluated after local techniques.

BAttackers can be blocked before they target the servers behind the FortiWeb.

CThe IP Reputation feature has been manually updated

DAn IP address that was previously used by an attacker will always be blocked

EReputation from blacklisted IP addresses from DHCP or PPPoE pools can be restored

Show Suggested Answer

Suggested Answer: B, D, E

Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

Dmust be set to enable add-route, which is the command that actually injects the IKE routes.

Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0

by Marcelle at Sep 11, 2024, 04:28 PM

Limited Time Offer

25%

21 days ago

I think the correct statements are B and C.

upvoted 0 times

...