ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-6.4 All Questions

View all questions & answers for the NSE4_FGT-6.4 exam
Go to Exam

Exam NSE4_FGT-6.4 topic 1 question 77 discussion

Actual exam question from Fortinet's NSE4_FGT-6.4
Question #: 77
Topic #: 1
[All NSE4_FGT-6.4 Questions]

Refer to the exhibit, which contains a session list output.

Based on the information shown in the exhibit, which statement is true?

  • A. Port block allocation IP pool is used in the firewall policy
  • B. Destination NAT is disabled in the firewall policy
  • C. Overload NAT IP pool is used in the firewall policy
  • D. One-to-one NAT IP pool is used in the firewall policy
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by phototrait at June 30, 2021, 6:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
KemalM
Highly Voted 3 years, 6 months ago
Answer: D Fortigate Security 6.4 Study Guide P.155
upvoted 6 times
...
SandroAlex
Most Recent 3 years, 1 month ago
Selected Answer: D
D é a verdadeira, porém... Port Block Allocation e Overload fazem PAT, não podem ser verdadeiras. Destination NAT não é aplicada na política e sim no menu VIP (sem Central NAT) ou DNAT & VIP (com Central NAT). Não é possível garantir que se trata de One-to-one NAT pois a saída de Fixed Port Range NAT é a mesma. Logo, como questão só tem a opção One-to-one NAT, acredito que ela seja a verdadeira.
upvoted 1 times
...
Tanith
3 years, 1 month ago
D is correct.
upvoted 1 times
...
RatheeshRavindran
3 years, 3 months ago
Selected Answer: D
D is correct
upvoted 4 times
Zoronyx
3 years, 3 months ago
Same screenshoot on FGT study guide 6 p127. Key is that same ports are used for both ingress and egress address. This one to one. Answer D
upvoted 3 times
...
...
MrSaintz
3 years, 4 months ago
Selected Answer: B
Might I suggest that Destination NAT being disabled is actually the only conclusive true statement? Speaking of SNAT, default "use interface ip address", and running the same command, shows that some sessions where SNAT is applied might keep source-port intact, its assumed that it will overload and start applying PAT at some point, but it doesn't actually always occur. In fact you can set the policy to preserve source-port, even while configuring dynamic pool with overload and (naturally) one-to-one. C and D can both generate the same output in the end if we can't see the policy configuration... IMHO
upvoted 2 times
Ragnar77
2 years, 10 months ago
no way, your stamtment is true , Overload not always do PAT when there are few sessionst.But you can't enable DNAT in the firewall policy... so the answere is D. moreover you cant say it's ovlerload nor Port block allocation beacuse they are same pool type.
upvoted 1 times
...
...
Miguex125
3 years, 4 months ago
For me the answer is "C" considering this link: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/29961/dynamic-snat
upvoted 1 times
Miguex125
3 years, 4 months ago
I was wrong, reading again fortinet docs, the correct answer is one to one.
upvoted 2 times
...
...
MoBaraka
3 years, 6 months ago
D is correct.
upvoted 2 times
...
forti_Ctes
3 years, 7 months ago
D is correct. FortiGate_Security_6.4 Page 156
upvoted 3 times
...
Gape4
3 years, 9 months ago
D is Correct. No Doubt.
upvoted 4 times
Pierrot26
3 years, 7 months ago
Why it cannot be C ? one to one 10.1.0.1 SNAT 10.200.1.1 10.1.0.2 SNAT 10.200.1.2 etc.... overload : 10.1.0.1 SNAT 10.200.1.1 10.1.0.2 SNAT 10.200.1.1 etc.... but here we have only one source... It's impossible to compare overload vs one-to-one ?
upvoted 6 times
Imanism
3 years, 6 months ago
One to One is first come first served. In one to one, PAT is not required. Source port and destination port is the same
upvoted 3 times
...
...
...
xela2005
3 years, 9 months ago
D is correct. FortiGate_Security_6.4 page 155 . In one-to-one, PAT is not required.
upvoted 3 times
...
Jancy_111
3 years, 10 months ago
D is correct answer
upvoted 1 times
...
phototrait
3 years, 10 months ago
D is correct. FortiGate_Security_6.4 page 155
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago