Exam NSE4_FGT-7.2 All Questions

View all questions & answers for the NSE4_FGT-7.2 exam

Exam NSE4_FGT-7.2 topic 1 question 16 discussion

Actual exam question from Fortinet's NSE4_FGT-7.2

Question #: 16
Topic #: 1

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.
Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)

A. Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
B. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
C. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
D. Enable Dead Peer Detection.

Show Suggested Answer

Suggested Answer: BD 🗳️

by jberol at Jan. 4, 2023, 12:16 p.m.

Comments

Submit Cancel

raydel92

Highly Voted 1 year, 9 months ago

Selected Answer: BD

B. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel. D. Enable Dead Peer Detection. Reference and download study guide: https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html

upvoted 6 times

...

geroboamo

Highly Voted 2 years ago

Selected Answer: BD

B - a lower distance will be preferred for route selection D - Dead peer detection will detect tunnel failure

upvoted 6 times

...

ndrdb

Most Recent 10 months, 2 weeks ago

Selected Answer: BD

B. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel. D. Enable Dead Peer Detection.

upvoted 1 times

...

MedialineIsTheBest

1 year, 5 months ago

B and D for sure

upvoted 1 times

...

1 year, 10 months ago

Answer: BD. Study Guide: Infra: Page 276

upvoted 3 times

...

mcclane654

1 year, 11 months ago

Selected Answer: BD

BD, as explained in the IPsec videos in the official nse4 training guide from fortinet

upvoted 1 times

...

2 years, 3 months ago

I just wrote NSE4 7.2 exam and I failed it. It shows that I got no answer correctly on routing. I looked a these questions and answers compared with the official fortinet exam and I can see that I got the answers correctly. How do I query this with fortinet or pearson vue in order for my exam to be reviewed ? my email [email protected]

upvoted 1 times

ChinkSantana

2 years, 3 months ago

Hello Sir. What practise material did you use?

upvoted 1 times

...

IckoPCNSE

2 years, 3 months ago

Did you use the answers given by default here(initially) or you used the answers given by the people from the comment section which (some of them) are completely different ?

upvoted 1 times

018ea9e

1 year, 8 months ago

Should I pay attention to the comments? Which is the answer comment or the default one?

upvoted 3 times

...

reaz

2 years, 3 months ago

what answer should be taken into consideration

upvoted 2 times

...

GeniusA

1 year, 5 months ago

Should people used the ''Default answers'' or the ''Most wanted'' comment section?

upvoted 2 times

Tuxzinator

10 months, 2 weeks ago

study and you know the answer.

upvoted 1 times

...

kosta_georgiev

2 years, 4 months ago

Selected Answer: BD

Correct answers are B and D Lower distance means higher priority DPD is used to check the status of the tunnel by sending hello packets between peers.

upvoted 2 times

...

tscholz

2 years, 4 months ago

Selected Answer: BD

Lower distance = higher priority Dead peer detection does heartbeat testing of VPN tunnels.

upvoted 3 times

...

Load full discussion...