View all questions & answers for the NSE 4 - FortiOS 7.6 Administrator Exam Materials exam


Question 36 Discussion

Refer to the exhibits. An administrator has observed the performance status outputs on an HA cluster for 55 seconds. Which FortiGate is the primary? (Choose one answer)

  • A. HQ-NGFW-2 with the parameter memory-failover-threshold setting
  • B. HQ-NGFW-2 with the parameter priority setting
  • C. HQ-NGFW-1 with the parameter memory-failover-flip-timeout setting
  • D. HQ-NGFW-1 with the parameter override setting
Correct Answer: A

Brave-Dump Clients Votes

A 60%
C 30%
D 10%

Comments



Alex 2025-06-26 10:59:18

Selected Answers: A


Pretty sure the answer to this is A, since the primary firewall is set to failover if memory usage is above 70% for 50 seconds, and it's been 55.
  • Capi 2025-10-31 01:57:59
    Where do you see its been 55sec?
  • Capi 2025-10-31 01:58:26
    My bad its part of the question

Mahboab Ali Ghaleb 2025-07-10 00:04:58

Selected Answers: A


When the memory on the primary reaches the threshold (70%) and stays like that for 50 seconds, then the
cluster elects a new primary.

Miroslaw Lerch 2025-09-01 11:35:11

Selected Answers: D


Key facts from your reference (Fortinet docs):

1. Failover can be triggered by memory utilization exceeding the configured memory-failover-threshold.
2. Memory must stay above threshold for the full monitor-period (e.g. 60 seconds).
3. The check runs every memory-failover-sample-rate (default = 1 sec).
4. If memory usage > threshold continuously for that entire period → failover is triggered.
5. If a failover already occurred recently due to memory, the memory-failover-flip-timeout prevents flip-flopping.

Applying this to the scenario (observed for 55 seconds)
• The question explicitly says the outputs were observed for 55 seconds.
• Default memory-failover-monitor-period is 60 seconds.
• That means even if memory usage is above the threshold, the failover hasn’t yet triggered, because the condition wasn’t sustained for the full 60 seconds.
• So the primary is still the original FortiGate (no failover has occurred yet).

Since the memory threshold condition must persist for 60 seconds, and the admin only observed for 55 seconds, no memory-based failover has occurred yet. Therefore, HQ-NGFW-1 is still the primary, and its role is maintained because of the override setting ensuring it remains primary until an actual failover event occurs.

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/823734/ha-failover-due-to-memory-utilization
  • Brave-Dumps Admin 2025-09-01 11:58:17
    Answer A is correct. The configured memory failover threshold is 70%, and FW-1 is running at 90%. The monitored period is set to 50 seconds, while the question states that the admin observed the output for 55 seconds. This means FW-1 has remained above the 70% threshold for more than the configured monitoring period, while the memory usage on FW-2 is below 70%.

ahmad smadi 2025-12-13 19:56:50

Selected Answers: C


the answer must be C bec the checking time is 55 but the configuration when reach to 60 sec will change the primary
C. HQ-NGFW-1 with the parameter memory-failover-flip-timeout setting
bec the memory-failover-flip-timeout is 60 sec

Vic Geek 2025-12-18 03:45:46

Selected Answers: C


Answer is C according to this article https://docs.fortinet.com/document/fortigate/7.0.0/new-features/823734/ha-failover-due-to-memory-utilization
"If the FortiGate meets the memory usage conditions to cause failover, the failover does not occur if the last failover on that FortiGate was triggered by high memory usage within the timeout period (memory-failover-flip-timeout)."
"memory-failover-flip-timeout <integer>
The time to wait between subsequent memory based failovers, in minutes (6 - 2147483647, default = 6)."

Mariusz 2025-12-28 17:23:14

Selected Answers: A


Prety sure that correct answer is A

Anonymous User 2026-01-05 16:00:54

Selected Answers: A


Answer is A. Reason is set memory-failover-monitor-period 50: The amount of time (in seconds) the memory must stay above the threshold before the failover occurs, preventing triggers from brief "spikes".
while set memory-failover-flip-timeout 60: A timer to prevent the cluster from "flapping" (bouncing back and forth) between units too quickly if memory levels fluctuate.

Rafael Martins 2026-01-19 02:11:51

Selected Answers: C


A or C?

Anonymous User 2026-01-21 03:19:07

Selected Answers: A


A

Anonymous User 2026-01-27 04:48:39

Selected Answers: A


Observed for 55 seconds