ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-7.0 All Questions

View all questions & answers for the NSE4_FGT-7.0 exam
Go to Exam

Exam NSE4_FGT-7.0 topic 1 question 83 discussion

Actual exam question from Fortinet's NSE4_FGT-7.0
Question #: 83
Topic #: 1
[All NSE4_FGT-7.0 Questions]

Refer to the exhibits.


An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. Remote-User1 must be able to access the
Webserver. Remote-User2 must not able to access the Webserver.
Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

  • A. Set the Destination address as Deny_IP in the Allow_access policy.
  • B. Enable match-vip in the Deny policy.
  • C. Set the Destination address as Webserver in the Deny policy.
  • D. Disable match-vip in the Deny policy.
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
by h0p3l3ss at Sept. 3, 2022, 2:35 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
h0p3l3ss
Highly Voted 10 months, 2 weeks ago
Selected Answer: BC
It should set match-vip enable, nor disable it... Reference:https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-does-not-block-incoming-WAN-to-LAN/ta-p/189641
upvoted 15 times
...
theFrank198
Most Recent 4 months, 3 weeks ago
Selected Answer: BC
B and C
upvoted 1 times
...
Fabio6699
6 months, 1 week ago
Selected Answer: BC
Answer is B & C. Enable match VIP and set as destination on policy ID 4
upvoted 2 times
...
PoBratsky
6 months, 2 weeks ago
Selected Answer: BC
B and C is correct
upvoted 3 times
...
giulianorco
7 months, 1 week ago
Selected Answer: BC
By default firewall address objects not match VIPs and match-vip is disabled on policy, The ALL in first policy not include any VIPs, so traffic skip the first policy and match Allow_access. The Admin have solution: 1. enable match-vip in in Deny policy 2. Set escplicitly in field destination of Deny policy address Webserver
upvoted 2 times
...
JT20
8 months ago
Selected Answer: BC
Fortigate Security page 169
upvoted 1 times
...
SorryUncle
8 months ago
Selected Answer: BC
Can someone please fix this question to reflect the correct answer which is B & C. Why am I paying for this exam if the answers are wrong!?
upvoted 4 times
...
garciacarral
8 months, 4 weeks ago
Selected Answer: BC
B and C are correct.
upvoted 1 times
...
nomeursy
10 months ago
Selected Answer: BC
B,C correct: Fortigate_Security page 169
upvoted 1 times
...
Power_Shell
10 months, 1 week ago
Selected Answer: BC
B and C
upvoted 2 times
...
Febrian
10 months, 1 week ago
It's BC, enable match vip makes fortigate check vip object.
upvoted 3 times
...
Babnav
10 months, 2 weeks ago
Selected Answer: BC
set match-vip enable or set object in the destination
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago