Exam NSE7_ZTA-7.2 topic 1 question 17 discussion

Actual exam question from Fortinet's NSE7_ZTA-7.2
Question #: 17
Topic #: 1

An administrator wants to prevent direct host-to-host communication at layer 2 and use only FortiGate to inspect all the VLAN traffic.
What three things must the administrator configure on FortiGate to allow traffic between the hosts? (Choose three.)

  • A. Block intra-VLAN traffic in the VLAN interface settings.
  • B. Add the VLAN interface to a software switch.
  • C. Configure static routes to allow subnets.
  • D. Configure a firewall policy to allow the desired traffic between hosts.
  • E. Configure proxy ARP to allow traffic.
Suggested Answer: ADE

Comments

lucient
1 year ago
Selected Answer: ADE
A, D, E are correct. Page 62. You can block intra-VLAN traffic on FortiSwitches managed by FortiGates. This prevents direct client-to-client traffic visibility at the Layer 2 VLAN layer. Clients can communicate with FortiGate. After the client traffic reaches the FortiGate, FortiGate determines whether to allow various levels of access to the client by shifting the client's network VLAN as appropriate, if allowed by a firewall policy, and if proxy ARP is enabled.
upvoted 2 times
...
Osirisdt89
1 year, 3 months ago
Correct answer ADE
upvoted 1 times
...
E_Nick
1 year, 4 months ago
Selected Answer: ADE
Microsegmentation: Blocking intra-VLAN traffic; Prevents Layer-2 connectivity between endpoints in the same VLAN. All traffic passes through the FortiGate. When intra-VLAN traffic is enabled, to allow traffic in the same VLAN, you must enable a firewall policy and proxy-ARP on the FortiGate.
upvoted 4 times
...
lil_pc1972
1 year, 4 months ago
Microsegmentation: Blocking intra-VLAN traffic; Prevents Layer-2 connectivity between endpoints in the same VLAN. All traffic passes through the FortiGate. When intra-VLAN traffic is enabled, to allow traffic in the same VLAN, you must enable a firewall policy and proxy-ARP on the FortiGate.
upvoted 2 times
...