Exam NSE4_FGT-6.4 topic 1 question 42 discussion

Actual exam question from Fortinet's NSE4_FGT-6.4

Question #: 42
Topic #: 1

Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

A. Set the maximum session TTL value for the TELNET service object.
B. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.
C. Create a new service object for TELNET and set the maximum session TTL.
D. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

Show Suggested Answer

Suggested Answer: CD 🗳️

by darkMmve at April 22, 2021, 5:43 p.m.

Comments

Submit Cancel

aads

Highly Voted 3 years, 11 months ago

The key here is performing the task without affecting any of the other services. - Not A - Changing the maximum TTL value for TELNET will affect every other policy that references the TELNET service - Not B - Changing the session TTL on the SSLVPN policy will impact other services referenced in the policy. Hence the answer is C and D

upvoted 40 times