Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam NSE4_FGT-6.4 topic 1 question 41 discussion

Actual exam question from Fortinet's NSE4_FGT-6.4
Question #: 41
Topic #: 1
[All NSE4_FGT-6.4 Questions]

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?

  • A. IP address
  • B. Once Internet Service is selected, no other object can be added
  • C. User or User Group
  • D. FQDN address
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Reference:
https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
siscoFe
Highly Voted 2 years, 9 months ago
C is correct, I have just confirmed this on a Production Fortigate FW and you can add user/User group but you cannot add Address group with ISDB object. It will simply show a red highlighted error which is read as "Addresses/groups cannot be mixed with Internet Services'
upvoted 22 times
...
G33
Highly Voted 2 years, 10 months ago
B is correct. If your try adding anything else you get an error
upvoted 9 times
G33
2 years, 8 months ago
C is actually the correct ans. if src: you can add user, if dst: you cannot add any other object
upvoted 8 times
wwwwaaaa
4 months, 2 weeks ago
Correct, it is C, just lab tested it
upvoted 1 times
...
...
...
NicolaeEast
Most Recent 1 year, 7 months ago
Selected Answer: C
C. You can't mix ISDB objects with regular address objects. User objects are not restricted in any way. Fortigate Security 7.0 pg 117
upvoted 1 times
...
mob9
1 year, 8 months ago
Selected Answer: C
C is correct and tested (user added and user group are added to policy but ip address or network failed to add) Version 7.0.5
upvoted 3 times
...
SandroAlex
2 years ago
Selected Answer: C
C é a verdadeira
upvoted 1 times
...
hume2022
2 years ago
I think it's "C" Service : This option is only available when Destination Internet Service is off. So if you are on source you should be able to add users and groups, I didn't test but as per theory that is what is looks like. https://docs.fortinet.com/document/fortimanager/6.2.1/administration-guide/663598/create-new-firewall-policy
upvoted 1 times
...
Wachiturro
2 years ago
Addresses/groups cannot be mixed with Internet Services For this reason the answer is the C
upvoted 1 times
...
aandreou020
2 years, 1 month ago
I have tested B is correct
upvoted 2 times
aandreou020
2 years, 1 month ago
Sorry C is correct . On the Source you can have Users+ Groups but not on the Destination
upvoted 2 times
...
...
lrosadini
2 years, 1 month ago
C - you can add USER if you are unig in source. FortiGate Security 6.4 Study Guide - pag 109
upvoted 2 times
...
Rman0059
2 years, 3 months ago
Selected Answer: C
C is correct
upvoted 3 times
...
viestner
2 years, 6 months ago
B. You CANNOT mix regular address objects with ISDB objects, and you CANNOT select services on a firewall policy
upvoted 1 times
viestner
2 years, 6 months ago
Sorry, its C. User/group can be selected only on source, not destination.
upvoted 4 times
...
...
FortiSherlock
2 years, 7 months ago
A and D are not correct for a very simple reason: The internet service dictates them already. If you choose AWS-Web als the service, then AWS has a fixed set of IP addresses and domain names that define them. Makes no sense to say I want to block AWS on Google.com or something like this. If it is Google.com it is not AWS anymore. C is correct and makes sense - I want to block AWS, but only for certain users in my company.
upvoted 2 times
...
jarz
2 years, 8 months ago
Correct answer is A. "You CANNOT mix regular address objects with ISDB objects, and you CANNOT select services on a firewall policy." Direct quote from Security 6.4 study guide page 109.
upvoted 1 times
ChuckC
1 year, 8 months ago
You quoted "You CANNOT mix regular address objects with ISDB objects,". That eliminates A
upvoted 1 times
...
...
Amrani
2 years, 8 months ago
C is the correct answer.
upvoted 1 times
...
jarz
2 years, 9 months ago
The correct Answer is A, you CAN add user/groups if you have added Internet Service as a Source. You CAN'T add (IP) addresses or address groups in the Source if you have Internet Service there also. I just tested this in a VM instance of a FG.
upvoted 1 times
ChuckC
1 year, 8 months ago
Aren't they asking which ones you can add
upvoted 1 times
...
...
Zaiderr
2 years, 10 months ago
C is correct, You can give it a try, HAND ON LAB
upvoted 3 times
...
Djohan23
2 years, 11 months ago
C is Correct. You can prove it by configuring it on FortiGate.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...