ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-6.4 All Questions

View all questions & answers for the NSE4_FGT-6.4 exam
Go to Exam

Exam NSE4_FGT-6.4 topic 1 question 51 discussion

Actual exam question from Fortinet's NSE4_FGT-6.4
Question #: 51
Topic #: 1
[All NSE4_FGT-6.4 Questions]

Refer to the exhibit.

Why did FortiGate drop the packet?

  • A. It matched an explicitly configured firewall policy with the action DENY.
  • B. The next-hop IP address is unreachable.
  • C. It failed the RPF check.
  • D. It matched the default implicit firewall policy.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by yadavarya97 at Aug. 22, 2021, 8:33 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
moneim
Highly Voted 3 years, 8 months ago
Answer is "D". If it was dropped by RPF, the log would've been "reverse path check fail, drop" See KB ==> https://kb.fortinet.com/kb/documentLink.do?externalID=FD31702
upvoted 9 times
zqrni
3 years, 7 months ago
agreed
upvoted 1 times
...
...
zqrni
Highly Voted 3 years, 8 months ago
The answer is D: Root causes for "Denied by forward policy check" 1- There is no firewall policy matching the traffic that needs to be routed or forwarded by the FortiGate (Traffic will hit the Implicit Deny rule) 2- The traffic is matching a DENY firewall policy 3- The traffic is matching a ALLOW firewall policy, but DISCLAIMER is enabled, in this case, traffic will not be accepted unless end user will accept the HTTP disclaimer purposed by Fortigate while browser external site. In this case we are in the first situation because at the end of the log it says policy 0. For more details check the link: https://kb.fortinet.com/kb/documentLink.do?externalID=FD31702
upvoted 6 times
...
SandroAlex
Most Recent 3 years, 1 month ago
Selected Answer: D
D é a verdadeira
upvoted 1 times
...
kemi01
3 years, 1 month ago
Default policy (policy 0) ,hence answer D is correct
upvoted 2 times
...
steef1982
3 years, 8 months ago
I believe its D: Implicit Deny = “policy 0”
upvoted 5 times
...
yadavarya97
3 years, 8 months ago
C.. failed bcoz of reverse path forwarding check
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago