ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-6.4 All Questions

View all questions & answers for the NSE4_FGT-6.4 exam
Go to Exam

Exam NSE4_FGT-6.4 topic 1 question 40 discussion

Actual exam question from Fortinet's NSE4_FGT-6.4
Question #: 40
Topic #: 1
[All NSE4_FGT-6.4 Questions]

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase
2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

  • A. On HQ-FortiGate, enable Diffie-Hellman Group 2.
  • B. On HQ-FortiGate, enable Auto-negotiate.
  • C. On Remote-FortiGate, set Seconds to 43200.
  • D. On HQ-FortiGate, set Encryption to AES256.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Xillar at April 4, 2021, 12:03 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Lionardo
Highly Voted 4 years ago
D is correct. FortiGate_Infrastructure_6.4 page 230 Encryption algorithm must be the same.
upvoted 13 times
...
siscoFe
Highly Voted 3 years, 10 months ago
D is correct, the Encryption and authentication algorithm needs to match inorder for IPSEC be successfully established
upvoted 6 times
...
manchrivo
Most Recent 2 years, 9 months ago
D is correct
upvoted 1 times
...
ChuckC
2 years, 9 months ago
Selected Answer: D
Diffe-Hiellman only needs one value to match according to https://docs.fortinet.com/document/fortigate/6.2.7/cookbook/604285/phase-2-configuration which makes A wrong
upvoted 1 times
...
maxhoman
2 years, 11 months ago
Selected Answer: D
D is correct
upvoted 1 times
...
mario156090
3 years, 2 months ago
D is the answer.
upvoted 1 times
...
Nirvanero94
3 years, 2 months ago
Selected Answer: D
D, es correcta, deben coincidir los 2 metodos de encripción para subir la fase 2. Comprobado
upvoted 2 times
...
Flo31
3 years, 4 months ago
Selected Answer: D
D is correct
upvoted 2 times
...
BIGRAOU
3 years, 4 months ago
Selected Answer: D
FortiGate_Infrastructure_6.4_Study_Guide-Online, PAGE 230 Phase 2 - Phase 2 proposal
upvoted 2 times
...
mrtim5700
3 years, 4 months ago
Selected Answer: D
This is presented as one right answer, so I will treat it as that. D is correct, if the encryption proposals don't match, it is not going to come up. However, if this were my set up, I'd make PFS and lifetime match as well.
upvoted 3 times
...
reih89
3 years, 4 months ago
Are Two correct Answer, AD
upvoted 1 times
lrosadini
3 years, 2 months ago
both have group 5
upvoted 2 times
...
...
mrigen888
3 years, 8 months ago
D is correct
upvoted 4 times
...
Datahive
3 years, 10 months ago
D is correct
upvoted 2 times
...
Bluegrass168
3 years, 10 months ago
D is right. But also want to confirm one thing: Is any one of the DH group matched will also allow to bring up the P2? assumed others matched already.
upvoted 1 times
...
G33
3 years, 12 months ago
D is correct
upvoted 2 times
...
davidone
4 years ago
D is correct
upvoted 1 times
...
Xillar
4 years ago
D is the correct answer
upvoted 3 times
Vespucci
3 years, 4 months ago
D is the correct answer
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago