View all questions & answers for the FCSS - Enterprise Firewall 7.4 Administrator Exam Materials exam


Question 17 Discussion

What does the command set forward-domain <domain_ID> in a transparent VDOM interface do? (Choose one answer)

  • A. It configures the interface to prioritize traffic based on the domain ID, enhancing quality of service for specified VLANs.
  • B. It isolates traffic within a specific VLAN by assigning a broadcast domain to an interface based on the VLAN ID.
  • C. It restricts the interface to managing traffic only from the specified VLAN, effectively segregating network traffic.
  • D. It assigns a unique domain ID to the interface, allowing it to operate across multiple VLANs within the same VDOM
Correct Answer: D

Brave-Dump Clients Votes

B 50%
D 50%

Comments



Elrasheed 2025-06-24 18:21:05

Selected Answers: B


In a transparent VDOM interface, the command set forward-domain <domain_ID> assigns a specific forwarding domain ID to an interface. This effectively creates a separate broadcast domain for traffic associated with that ID, limiting the scope of broadcast and multicast traffic within that domain. This helps to isolate traffic from different VLANs or network segments, preventing unnecessary flooding of traffic across the entire transparent VDOM

Abdulaziz Alatar 2025-09-06 14:00:03

Selected Answers: D


In a transparent VDOM, the command set forward-domain <domain_ID> is used to assign a forwarding domain ID to an interface. This creates isolated broadcast domains within the same VDOM. Interfaces with the same domain ID can forward traffic between each other, while those with different IDs cannot — even if they’re in the same VDOM.
This allows the FortiGate to bridge multiple VLANs selectively, giving you fine-grained control over Layer 2 traffic segmentation.

❌ Why B is incorrect:
Option B suggests that the command isolates traffic based on VLAN ID, which is misleading. The forward-domain feature is independent of VLAN tagging — it controls Layer 2 broadcast domain behavior, not VLAN membership or tagging.

You had the right intuition earlier when you described how it limits broadcast and multicast traffic. That’s exactly what forward domains are for. Want to see how this plays out in a sample config or topology? I can sketch one out for you.
Option B suggests that the command isolates traffic based on VLAN ID, which is misleading. The forward-domain feature is independent of VLAN tagging — it controls Layer 2 broadcast domain behavior, not VLAN membership or tagging.

Nadia 2025-09-10 17:24:22

Selected Answers: D


It allows interfaces to operate across multiple vlans based on the domain ID

Mohanad Salem 2025-09-20 12:17:07

Selected Answers: B


If your configuration includes more than two VLAN IDs, you should use the set forward-domain command to subdivide a VDOM into multiple broadcast domains using the VLAN ID as the domain ID for easy recognition
so the answer is B