
Fortinet Exam FCSS_NST_SE-7.4 Topic 5 Question 9 Discussion

Actual exam question for Fortinet's FCSS_NST_SE-7.4 exam
Question #: 9
Topic #: 5

An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.

If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

Suggested Answer: B

Contribute your Thoughts:

Chun
3 days ago
Haha, look at these options. Might as well try 'diagnose sniffer packet any 'unicorns and rainbows''. That'll probably work just as well!
upvoted 0 times
...
Percy
11 days ago
Hmm, this is a tricky one. Since there's no NAT device, I'd go with B. 'ip proto 50' should capture the ESP protocol used in IPsec Phase 2.
upvoted 0 times
...
Alana
16 days ago
But if there is no NAT device, then UDP port 4500 is used for NAT-T, so C makes more sense.
upvoted 0 times
...
Regenia
20 days ago
D seems like the better option to me. The 'ah' protocol is used for IPsec authentication, so that should capture the encrypted traffic.
upvoted 0 times
...
Fausto
1 month ago
I disagree, I believe the correct answer is A) diagnose sniffer packet any 'udp port 500'.
upvoted 0 times
...
Alana
1 month ago
I think the answer is C) diagnose sniffer packet any 'udp port 4500'.
upvoted 0 times
...
Clay
1 month ago
I'm pretty sure the answer is C. The IPsec protocol uses UDP port 4500 for NAT-T, so that's the correct command to capture the encrypted Phase 2 traffic.
upvoted 0 times
Aleta
6 days ago
C) diagnose sniffer packet any 'udp port 4500'
upvoted 0 times
...
Odelia
18 days ago
B) diagnose sniffer packet any 'ip proto 50'
upvoted 0 times
...
Sharika
27 days ago
A) diagnose sniffer packet any 'udp port 500'
upvoted 0 times
...
...
