ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-6.4 All Questions

View all questions & answers for the NSE4_FGT-6.4 exam
Go to Exam

Exam NSE4_FGT-6.4 topic 1 question 25 discussion

Actual exam question from Fortinet's NSE4_FGT-6.4
Question #: 25
Topic #: 1
[All NSE4_FGT-6.4 Questions]

Refer to the exhibit.



The exhibit contains a network diagram, firewall policies, and a firewall address object configuration.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2. Remote-user2 is still able to access Webserver.
Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

  • A. Disable match-vip in the Deny policy.
  • B. Set the Destination address as Deny_IP in the Allow-access policy.
  • C. Enable match-vip in the Deny policy.
  • D. Set the Destination address as Web_server in the Deny policy.
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
by darkMmve at April 22, 2021, 5:05 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ishan_Dis
Highly Voted 3 years, 11 months ago
By default does not match vip in deny policy for destination all. So 2 options wehave 1. Enable match vip in the Deny policy. 2. Add destination as webserver in deny policy
upvoted 8 times
...
Djohan23
Highly Voted 3 years, 12 months ago
C & D is correct answer. You can find the answer in "FortiGate Security 6.4 Self Study" page 159.
upvoted 8 times
ash8
3 years, 11 months ago
But there is written that Set the destination address as vip object look "FortiGate Security 6.4 Self Study" page 160.
upvoted 3 times
...
...
Cornelius360
Most Recent 2 years, 11 months ago
C and D is correct
upvoted 1 times
...
SandroAlex
3 years, 1 month ago
Selected Answer: CD
C e D são verdadeiras
upvoted 1 times
...
Alybely
3 years, 1 month ago
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-does-not-block-incoming-WAN-to-LAN/ta-p/189641
upvoted 1 times
...
lrosadini
3 years, 3 months ago
C D - FortiGate Security 6.4 Self Study. Pag 160
upvoted 1 times
...
damcol
3 years, 5 months ago
Should be more precise saying the VIP of the WebServer instead of the web server.
upvoted 2 times
...
SamX
4 years ago
C, D are correct
upvoted 3 times
...
darkMmve
4 years ago
C and D are correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago