Examice

Exam nse7_efw-72 All QuestionsBrowse all questions from this exam

Go to Exam

Question 42

Refer to the exhibit, which shows a partial routing table.

What two conclusions can you draw from the corresponding FortiGate configuration? (Choose two.)

OSPF is configured to run over IPSec.

net-device is enabled in the tunnel IPSec phase 1 configuration.

IPSec tunnel aggregation is configured.

add-route is disabled in the tunnel IPSec phase 1 configuration.

Correct Answer: B, D

From the routing table, we can infer that net-device is enabled in the tunnel IPSec phase 1 configuration because there are distinct interfaces for each tunnel (tunnel_0, tunnel_1). This would be the result of enabling net-device, which allows multiple interfaces for dial-up connections. Additionally, add-route is disabled in the tunnel IPSec phase 1 configuration because there are no static routes added for the tunnels, suggesting that the routing relies on dynamic routing protocols instead of static route additions.

Discussion

dstichtOptions: BD

A. OSPF is only on local interfaces. B. net-device creates separate interfaces for each dial-up, i.e. tunnel_0, tunnel_1 - p311 of Study Guide C. what? D. add-route disabled means static routes are not added and require dynamic routing protocol. - p313 of Study Guide.

charrucoOptions: BD

B and D are correct