View all questions & answers for the NSE 4 - FortiOS 7.6 Administrator Exam Materials exam


Question 74 Discussion

Based on the routing table shown in the exhibit, which two statements are true? (Choose two answers)

  • A. A packet with the source IP address 10.100.110.10 arriving on port3 is allowed if strict RPF is disabled.
  • B. A packet with the source IP address 10.100.110.10 arriving on port2 is allowed if strict RPF is enabled.
  • C. A packet with the source IP address 10.0.13.10 arriving on port2 is allowed if strict RPF is disabled.
  • D. A packet with the source IP address 10.10.10.10 arriving on port2 is allowed if strict RPF is enabled.
Correct Answer: B,C

Brave-Dump Clients Votes

BC 66.67%
AC 33.33%

Comments



Mahboab Ali Ghaleb 2025-07-10 07:27:55

Selected Answers: A, C


also B is Correct

Ahmed Ezzat 2025-07-19 02:47:09

Selected Answers: B, C


Why B is wrong?

Sanjay Jairaj 2025-08-23 22:56:08

Selected Answers: B, C


Option D is clearly wrong. With strict RPF enabled, the FortiGate checks that the return path to the source would use the same interface the packet arrived on
defencedev.com
. For a source of 10.10.10.10, the routing table shows the return path is via the 10.10.10.0/24 route on port 3. If such a packet arrives on port 2, the return path doesn’t match and strict RPF drops it.

Option A is not considered correct in the exam, even though it can appear reasonable. When strict RPF is disabled, FortiGate uses loose RPF, which permits a packet as long as there is a route back to the source
defencedev.com
. In this case the only route back to 10.100.110.10 is the default route via port 2, not the incoming port 3. Exam guidance takes a conservative view that, without a more specific route to the source (and with no RPF enabled on that interface), such a packet would not be accepted. Hence, the exam omits Option A and selects only B and C as the correct answers.