ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-7.2 All Questions

View all questions & answers for the NSE4_FGT-7.2 exam
Go to Exam

Exam NSE4_FGT-7.2 topic 1 question 104 discussion

Actual exam question from Fortinet's NSE4_FGT-7.2
Question #: 104
Topic #: 1
[All NSE4_FGT-7.2 Questions]

Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output shown in the exhibit.



What should the administrator do next, to troubleshoot the problem?

  • A. Execute a debug flow.
  • B. Capture the traffic using an external sniffer connected to port1.
  • C. Execute another sniffer on FortiGate, this time with the filter "host 10.0.1.10".
  • D. Run a sniffer on the web server.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Takumi at July 18, 2023, 9:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
crose
Highly Voted 1 year, 8 months ago
I can't see questions 105-109????
upvoted 16 times
alig0r
1 year, 2 months ago
same here
upvoted 1 times
...
Imanism
1 year, 3 months ago
Same here
upvoted 2 times
...
DanteHn
1 year, 7 months ago
Same here.
upvoted 8 times
DreBod
1 year, 4 months ago
Same here
upvoted 4 times
...
...
...
raydel92
Highly Voted 1 year, 7 months ago
Selected Answer: A
A. Execute a debug flow. FortiGate Infrastructure 7.2 Study Guide (p.357): "If FortiGate is dropping packets, can a packet capture (sniffer) be used to identify the reason? To find the cause, you should use the debug (packet) flow." Reference and download study guide: https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html
upvoted 7 times
...
coolbacha
Most Recent 1 year, 1 month ago
Answer is A
upvoted 1 times
...
shobee
1 year, 1 month ago
I can't see questions 105-109
upvoted 2 times
...
millerry
1 year, 4 months ago
Selected Answer: A
A. Executing a debug flow will help identify if packets are dropped due to firewall policies or security checks.
upvoted 3 times
...
Sam_2121
1 year, 4 months ago
Same here, can see up to 104
upvoted 4 times
...
Engrmunna
1 year, 5 months ago
which answer should be used during the exam? suggested answer or the answer from Community vote distribution?
upvoted 1 times
moldeadoraafrecho
1 year, 1 month ago
Definitely read the community answers and the references they post, so you can conclude by your own the answer, it is the best approach
upvoted 2 times
...
...
[Removed]
1 year, 5 months ago
Selected Answer: A
Interface is set to any and is checking all traffic on port 80. The webserver is directly connected to the FortiGate. We would see traffic destined to port 80 with this sniffer. The only thing that makes sense is A.
upvoted 1 times
...
Knowledge33
1 year, 7 months ago
Selected Answer: D
The answer is D, not A. It's not mentionned the packet is blocked somewhere. As we can see the sniffer command, we capture packet on all interfaces. Packet arrives on the interface, is captured before being blocked if a policy exist. We can see on the capture thre are syn flood send by the host, but we cannot see the reply from the web server (reply from port 80 to host destination port). If the server replies (sysn ack), It should be on the capture. We need to check on the server why there is no response. That's why we need to Run a sniffer on the web server (answer D).
upvoted 4 times
coolbacha
1 year, 1 month ago
Answer is A and not D As we can see in the sniffer output that the sync requests are only comming to port 3 and not on port1 which means Fortigate is dropping the sync packet between port3 and port1 so this concludes that sync packets are not egressing from port1 towards the Server. so it makes no sense to run a Sniffer on the Web Server. Rather we run a Diagnose on Fortigate and try to find the reason for the packet drop between port3 and port1 hope this helps :)
upvoted 1 times
...
GCISystemIntegrator
1 year, 7 months ago
Hi guys, by any chance can anyone tell me if all the examtopics nse4 questions are on the exam?
upvoted 1 times
...
Knowledge33
1 year, 7 months ago
debug flow on the Fortigate will only help to confirm we do not receive anything from the server.
upvoted 1 times
...
...
Halmonte0780
1 year, 9 months ago
Answer is A, because sniffer shows the ingressing and egressing packets . but we cannot see dropped packets by fortigate in a sniffer. Debugging can show the packets are not entering for any reasons caused by fortigate. So believe if a packed is reached to fortigate and dropped , debug will show us. Debug flow will definitely provide the reason why the packets are dropped. Infrastructure guide 7.2, pages 357
upvoted 3 times
...
Takumi
1 year, 9 months ago
Selected Answer: A
The answer is A
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago