ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam FCSS_EFW_AD-7.4 All Questions

View all questions & answers for the FCSS_EFW_AD-7.4 exam
Go to Exam

Exam FCSS_EFW_AD-7.4 topic 1 question 34 discussion

Actual exam question from Fortinet's FCSS_EFW_AD-7.4
Question #: 34
Topic #: 1
[All FCSS_EFW_AD-7.4 Questions]

During the maintenance window, an administrator must sniff all the traffic going through a specific firewall policy, which is handled by NP6 interfaces. The output of the sniffer trace provides just a few packets.
Why is the output of sniffer trace limited?

  • A. The traffic corresponding to the firewall policy is encrypted.
  • B. auto-asic-off load is set to enable in the firewall policy,
  • C. inspection-mode is set to proxy in the firewall policy.
  • D. The option npudbg is not added in the diagnose sniff packet command.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Tweefo at March 27, 2025, 10:25 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Yaghu
3 months, 3 weeks ago
Selected Answer: B
auto-asic offload diverts traffic to the NP6 processor. Disabling this command forces packets to be processed by the CPU, which allows all traffic within the policy to be seen with configured sniffers.
upvoted 1 times
...
Tweefo
3 months, 3 weeks ago
Selected Answer: B
I'd go with B. With npubdg, the esp packets that are offloaded on np6 will be capturated. If I want to see all packet, I need to disable auto-asic-off load on the firewall rules
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel