NSE4 Question #296: Real Exam Question with Answer & Explanation

Question

Review the exhibit of an explicit proxy policy configuration. If there is a proxy connection attempt coming from the IP address 10.0.1.5, and from a user that has not authenticated yet, what action does the FortiGate proxy take?

Options

• AUser is prompted to authenticate. Traffic from the user Student will be allowed by the policy #1.
• BUser is not prompted to authenticate. The connection is allowed by the proxy policy #2.
• CUser is not prompted to authenticate. The connection will be allowed by the proxy policy #1.
• DUser is prompted to authenticate. Only traffic from the user Student will be allowed.

Explanation

If an unauthenticated user attempts a proxy connection matching a policy that requires a specific user or group, the FortiGate will prompt for authentication, and only traffic from the successfully authenticated user matching the policy's criteria will be allowed.

Common mistakes.

• A. While the user is prompted to authenticate and traffic from the 'Student' user will be allowed by policy #1, the statement in option D is more precise by emphasizing that only traffic from that specific user will be allowed by that specific policy in the context of authentication.
• B. The user will be prompted to authenticate because the policy requires it. An unauthenticated user cannot simply be allowed by a policy that has explicit user authentication requirements.
• C. The user will be prompted to authenticate. An unauthenticated user cannot fulfill the requirements of a policy that mandates authentication for a specific user or user group.

Concept tested. Explicit proxy authentication flow

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/602058/proxy-authentication

No community discussion yet for this question.