Fortinet Exam FCSS_NST_SE-7.4 Topic 2 Question 7 Discussion

Actual exam question for Fortinet's FCSS_NST_SE-7.4 exam

Question #: 7
Topic #: 2

An administrator wants to capture encrypted phase 2 traffic between two FotiGate devices using the built-in sniffer.

If the administrator knows that there Is no NAT device located between both FortiGate devices, which command should the administrator run?

Adiagnose sniffer packet any 'udp port 500'

Bdiagnose sniffer packet any 'lp proto 50'

Cdiagnose sniffer packet any 'udp port 4500'

Ddiagnose sniffer packet any 'ah'

Show Suggested Answer

Suggested Answer: B

by Heike at Nov 14, 2024, 05:24 AM

Limited Time Offer

25%

Off

Get Premium FCSS_NST_SE-7.4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Azalee

4 months ago

Ah, the age-old question of which sniffer command to use. I wonder if the answer is hidden in a FortiGate Easter egg somewhere?

upvoted 0 times

...

Aleta

4 months ago

I'm not sure, but I think A) diagnose sniffer packet any 'udp port 500' could also be a valid option.

upvoted 0 times

...

Rhea

4 months ago

This is a piece of cake! Just use 'lp proto 50' and you're good to go. Gotta love those cryptic protocol numbers, am I right?

upvoted 0 times

Glen

3 months ago

D) diagnose sniffer packet any 'ah'

upvoted 0 times

...

Tyra

3 months ago

C) diagnose sniffer packet any 'udp port 4500'

upvoted 0 times

...

Serina

3 months ago

B) diagnose sniffer packet any 'lp proto 50'

upvoted 0 times

...

Ciara

3 months ago

A) diagnose sniffer packet any 'udp port 500'

upvoted 0 times

...

Coral

4 months ago

I agree with France, because UDP port 4500 is commonly used for IPSec traffic.

upvoted 0 times

...

Cyndy

5 months ago

Hold up, what about 'udp port 4500'? That's the port for NAT-T, isn't it? I think that might be a better choice if there's no NAT involved.

upvoted 0 times

Lavonda

4 months ago

That makes sense, 'udp port 4500' is indeed used for NAT-T. Good catch!

upvoted 0 times

...

Lazaro

4 months ago

C) diagnose sniffer packet any 'udp port 4500'

upvoted 0 times

...

Rory

4 months ago

A) diagnose sniffer packet any 'udp port 4500'

upvoted 0 times

...

Edmond

5 months ago

Hmm, I'm not so sure. Why not just go for the classic 'udp port 500' command? It's simple and gets the job done, right?

upvoted 0 times

...

Loise

5 months ago

Option D is the way to go! Capturing 'ah' traffic is the correct command for sniffing encrypted Phase 2 traffic without NAT.

upvoted 0 times

Fernanda

4 months ago

D) diagnose sniffer packet any 'ah'

upvoted 0 times

...

Chantay

4 months ago

C) diagnose sniffer packet any 'udp port 4500'

upvoted 0 times

...

Brett

4 months ago

B) diagnose sniffer packet any 'lp proto 50'

upvoted 0 times

...

Alba

5 months ago

A) diagnose sniffer packet any 'udp port 500'

upvoted 0 times

...

France

5 months ago

I think the answer is C) diagnose sniffer packet any 'udp port 4500'.

upvoted 0 times

...