NSE4 Question #20: Real Exam Question with Answer & Explanation

Question

Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 172.11.12.1 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next end Which of the following statements correctly describes the static routing configuration provided? (Choose two.)

Options

• AAll traffic to 172.20.1.0/24 is dropped by the FortiGate.
• BAs long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. If the
• CThe FortiGate unit does NOT create a session entry in the session table when the traffic is being
• DThe FortiGate unit creates a session entry in the session table when the traffic is being routed by

Explanation

The configuration includes a blackhole route for 172.20.1.0/24 with a lower administrative distance (5) than the next-hop route (10), making the blackhole route preferred and causing all traffic to that destination to be dropped without creating session entries.

Common mistakes.

• B. This statement is incorrect because Route 2 (blackhole with distance 5) will always be preferred over Route 1 (distance 10) due to its lower administrative distance, meaning traffic will be dropped, not routed by Route 1.
• D. This statement is incorrect because blackhole routes are specifically designed to drop traffic without creating session entries, making the process more efficient for discarding unwanted traffic.

Concept tested. FortiGate static routes, administrative distance, and blackhole routes

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/86909/static-routes

No community discussion yet for this question.