Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration. An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. The policy should work such that Remote-User1 must be able to access the Webserver while preventing Remote-User2 from accessing the Webserver. Which additional configuration can the administrator add to a deny firewall policy, beyond the default behavior, to block Remote-User2 from accessing the Webserver? (Choose one answer)

A. Disable match-vip in the Allow_access policy.
B. Configure a One-to-One IP Pool object in a new policy.
C. Set the Destination address as Webserver in the Deny policy.
D. Set the Destination address as Deny_IP in the Allow_access policy.

Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments

Thomas Pfaff 2025-12-03 22:38:30

Selected Answers: C

This feels like a poor question to me...it would make more sense if the question was "How can the Deny policy be adjusted to allow Remote_User2 to still access other portions of the network while still blocking access to the Webserver" or something

Right now the question is asking what ADDITIONAL configuration can be done to block access to the Webserver from RU-2, but there doesn't need to be any additional configuration, the "all" dst is already denying access