Refer to the exhibit, which contains a partial configuration of the global system.
What can you conclude from this output?
nse7_efw-72 Exam QuestionsBrowse all questions from this exam
nse7_efw-72 Exam - Question 4
Show AnswerHide Answer
Correct Answer: CD
The configuration uses 'set check-protocol-header loose' which implies that the protocol header check is not strict. Enabling strict header checking would disable all hardware acceleration including NP and CP processing, but since the configuration is set to loose, all hardware acceleration remains enabled. Therefore, NPs (Network Processors) and CPs (Content Processors) are enabled.
Discussion
13 commentsTotoahrenOption: C
Mar 19, 2024Enabling strict header checking disables all hardware acceleration. This includes NP, SP, and CP processing.
ArtbrutOption: C
Feb 28, 2024It's C as per https://docs.fortinet.com/document/fortigate/7.2.4/hardware-acceleration/39956 "Enabling strict header checking disables all hardware acceleration. This includes NP, SP, and CP processing."
charrucoOption: C
Apr 3, 2024the question says: "loose" set check-protocol-header "loose" Enabling "strict" header checking disables all hardware acceleration (not loose config). This includes NP, SP, and CP processing. so C is correct
ba68ea0Option: C
Apr 4, 2024charruco is correct - scrub my comment !
mollyk70Option: D
Feb 26, 2024set check-protocol-header loose command can infer that there is an NP enabled, thus A is wrong. C is wrong D is most close to answer imo
mollyk70
Mar 7, 2024Apologies Study guide P53, set check-protocol-header loose, infers that the NP CP are NOT disabled, so D is wrong C - Correct
FlavioBarbosaOption: D
Feb 27, 2024"D" e a opção correta. Ao habilitar o "check-protocol-header loose" o FortiGate irá fazer um inspeção rigorosa no cabeçalho em L4, com isso TODA aceleração e desativada NP, SP e CP.
Kop01Option: C
Mar 4, 2024Answer : C P53 check-protocol-header strict disables all NPs and CPs. "The option 'strict-dirty-session-check' will enable to check the session against the original policy when re-validating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. enable: Enable strict dirty-session check. disable: Disable strict dirty-session check." https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-fix-fw-strict-dirty-session-check-drop/ta-p/224031
TotoahrenOption: D
Mar 18, 2024Answer: D when check-protocol-header is enabled in strict or loose mode all NPs and CPs are disabled.
ba68ea0
Apr 1, 2024agreed. "Enabling strict header checking disables all hardware acceleration. This includes NP, SP, and CP processing." https://docs.fortinet.com/document/fortigate/7.4.3/hardware-acceleration/39956/strict-protocol-header-checking-disables-hardware-acceleration
charruco
Apr 3, 2024The documentation only mentions strict NOT loose
ba68ea0Option: D
Apr 1, 2024Answer: D "Enabling strict header checking disables all hardware acceleration. This includes NP, SP, and CP processing." https://docs.fortinet.com/document/fortigate/7.4.3/hardware-acceleration/39956/strict-protocol-header-checking-disables-hardware-acceleration
rananajOption: A
Feb 22, 2024The answer is A
Flo31Option: C
Feb 27, 2024The answer is C, nothing here can prove that NP or CP is disabled
5deee77Option: C
Feb 28, 2024The answer is C,
havokduOption: C
May 14, 2024C is the correct answer. check-protocol-header strict diables all NPPs and CPs. Loose doesn't disable them.