NSE4 Question #281: Real Exam Question with Answer & Explanation

Question

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity. The following troubleshooting commands are executed from the CLI: user1 # get system interface == [ internal ] name. internal mode. static ip: 10.0.1.254 255.255.255.128 status: up netbios-forward. disable type. physical mtu-overridE. disable == [ vlan1 ] name. vlan1 mode. static ip: 10.0.1.1 255.255.255.128 status: up netb ios-forward. disable type. vlan mtu-override. disable user1 # get router info routing-table all Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default S 10.0.0.0/8 [10/0] is a summary, Null C 10.0.1.0/25 is directly connected, vlan1 C 10.0.1.128/25 is directly connected, internal user1 # diagnose debug flow trace start 100 user1 # diagnose debug ena user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1 id=20085 trace_id=277 msg="vd-root received a packet(proto=6, 10.0.1.130 :47922->10.0.1.1:443) from internal." id=20085 trace_id=277 msg="allocate a new session-00000b21" id=20085 trace_id=277 msg="iprope_in_check() check failed, drop" Based on the output from these commands, which of the following is a possible cause of the problem?

Options

• AThe FortiGate unit has no route back to the PC.
• BThe PC has an IP address in the wrong subnet.
• CThe PC is using an incorrect default gateway IP address.
• DThere is no firewall policy allowing traffic from INTERNAL -> VLAN1.