Exam NSE4_FGT-7.0 topic 1 question 76 discussion

B and D about D. https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-Reverse-Path-Forwarding-RPF-per/ta-p/193338 and between B and C take a look here : https://community.fortinet.com/t5/FortiGate/Technical-Note-Reverse-Path-Forwarding-RPF-implementation-and/ta-p/194382 C is not enough as you have to add a supernet route as "feasible patch" or + adding the same route as the best matching one (same subnet, same prefix, same distance) but having a higher priority value than the best match one. This will force the route to be injected in the routing table as a second choice.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-Reverse-Path-Forwarding-RPF-per/ta-p/193338

C and D asymetric routing enable" - trict-src-check disable" + adding a supernet route as "feasible patch"

B and D correct: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-Reverse-Path-Forwarding-RPF-per/ta-p/193338 disable strict-src-check change the RPF mode to feasible path, but does not disable RPF

B is correct, because to disable RPF at interface level you use: config system interface edit <interface> set src-check disable end In other words, one thing is strict-src-check at system level and there is src-check at interfase level.

C - D Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD33955

FortiGate_Infrastructure_7.0_Study_Guide-Online – page 39 enable asymmetric routing and disable checking at the interface level ...reduces security of your network

B & D are correct. Ref Fortigate Security 7.0 - P216

B, C are correct

explanation in comment

I think it's BD because disabling/enabling strict src check only change rpf mode to loose or strict not really disable rpf check.