ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam FCP_FGT_AD-7.4 All Questions

View all questions & answers for the FCP_FGT_AD-7.4 exam
Go to Exam

Exam FCP_FGT_AD-7.4 topic 1 question 28 discussion

Actual exam question from Fortinet's FCP_FGT_AD-7.4
Question #: 28
Topic #: 1
[All FCP_FGT_AD-7.4 Questions]

Refer to the exhibit.

Why did FortiGate drop the packet?

  • A. It matched an explicitly configured firewall policy with the action DENY.
  • B. It failed the RPF check.
  • C. The next-hop IP address is unreachable.
  • D. It matched the default implicit firewall policy.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by fab1ccb at Sept. 14, 2024, 3:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ahmadasn9
2 months, 1 week ago
Selected Answer: D
The debug line that matters is the last one: ``` ... fw_forward_handler ... msg="Denied by forward policy check (policy 0)" ``` * **“policy 0”** is FortiGate’s built-in **implicit deny rule**. – Whenever no user-configured firewall policy matches a packet, the FortiGate moves to policy 0 and drops it. Because the packet was rejected by **policy 0**, we know: * It did **not** hit any explicit (numbered) policy you created. * It wasn’t dropped for RPF or routing reasons—those would show different messages. So the correct reason is: **D. It matched the default implicit firewall policy.**
upvoted 1 times
...
sxcap
6 months, 2 weeks ago
Selected Answer: D
Don't get confused with the word "check", the important part is (policy 0), that's the implicit policy
upvoted 1 times
...
Charly0710
7 months, 1 week ago
Selected Answer: D
D is correct. It's clear, "Denied by forward policy check (policy 0)"
upvoted 1 times
...
vuhidus
7 months, 2 weeks ago
Selected Answer: D
It's D
upvoted 1 times
...
262cfa1
8 months ago
Selected Answer: D
D is correct
upvoted 1 times
...
s4mu3l007
8 months ago
D is correct - traffic is denied by implicit firewall rule
upvoted 1 times
...
youla5
9 months, 1 week ago
Policy id 0 is the default drop policy. so D is correct
upvoted 1 times
...
Knocks
9 months, 2 weeks ago
Selected Answer: D
Denied by forward policy check means it matched a deny policy, in this case it has ID 0 so it is the implicit deny
upvoted 1 times
...
fab1ccb
9 months, 3 weeks ago
Selected Answer: D
D because the output shows "Denied by forward policy check (policy 0)" which is the implicit policy
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel