ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam FCP_FGT_AD-7.4 All Questions

View all questions & answers for the FCP_FGT_AD-7.4 exam
Go to Exam

Exam FCP_FGT_AD-7.4 topic 1 question 60 discussion

Actual exam question from Fortinet's FCP_FGT_AD-7.4
Question #: 60
Topic #: 1
[All FCP_FGT_AD-7.4 Questions]

Refer to the exhibits, which show a diagram of a FortiGate device connected to the network. VIP object configuration, and the firewall policy configuration.







The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24.

If the host 10.200.3.1 sends a TCP SYN packet on port 8080 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be at the time FortiGate forwards the packet to the destination?

  • A. 10.0.1.254, 10.200.1.10, and 8080, respectively
  • B. 10.0.1.254, 10.0.1.10, and 80, respectively
  • C. 10.200.3.1, 10.0.1.10, and 80, respectively
  • D. 10.200.3.1, 10.0.1.10, and 8080, respectively
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by CharlieS8 at Oct. 25, 2024, 4:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sxcap
2 weeks ago
Selected Answer: C
there is no NAT so the source address still the original, There is a VIP so the destination address is translated to the mapped address, There is a port forward from 8080 to 80 so the destination port is the mapped port (80)
upvoted 1 times
...
x666
2 weeks, 2 days ago
Selected Answer: C
Ignoring the mistake on the firewall policy, the intended answer should be C.
upvoted 1 times
...
RNAV28
1 month ago
Selected Answer: D
Broken question.. Did anyone notice that the firewall policy services is "HTTPS" The policy services does not allow the VIP ports to pass. I only selected "D" because the discussion form required an entry.
upvoted 3 times
...
vuhidus
1 month, 1 week ago
Selected Answer: C
Answer is C
upvoted 1 times
...
Vusalrabalon
1 month, 2 weeks ago
Selected Answer: C
C is correct
upvoted 1 times
...
hassan76
1 month, 3 weeks ago
Selected Answer: B
https://www.examtopics.com/discussions/fortinet/view/102884-exam-nse4_fgt-72-topic-1-question-52-discussion/
upvoted 1 times
hassan76
1 month, 2 weeks ago
Sory, nat is disable this question, So correct answer is C
upvoted 1 times
...
...
fa7474b
2 months ago
Selected Answer: C
Just confirmed this is C by testing it in the Training Lab (lab 2 allows you to test this pretty easily).
upvoted 2 times
...
felixliao
2 months ago
Selected Answer: C
NAT is disabled on the Allow_access policy, which is the policy of interest here as the traffic is coming IN WAN port1 and going to the server out LAN port3.
upvoted 1 times
...
s4mu3l007
2 months ago
B. 10.0.1.254, 10.0.1.10, and 80, respectively 10.200.3.1 --> 10.0.1.254 because NAT enable in firewall policy 10.200.1.10 --> 10.0.1.10 because VIP as Destination 8080 --> 80 because Port Forwarding enabled on VIP
upvoted 1 times
CharlieS8
2 months ago
the answer is C. the source is 10.200.3.1 since there is no nat enabled on the inbound policy.
upvoted 4 times
...
fa7474b
2 months ago
NAT is disabled on the Allow_access policy, which is the policy of interest here as the traffic is coming IN WAN port1 and going to the server out LAN port3.
upvoted 4 times
...
...
CharlieS8
2 months, 1 week ago
C correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago