Fortinet Exam FCSS_NST_SE-7.4 Topic 5 Question 9 Discussion

Actual exam question for Fortinet's FCSS_NST_SE-7.4 exam
Question #: 9
Topic #: 5

An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.

If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

Suggested Answer: B

Contribute your Thoughts:

Chun
1 month ago
Haha, look at these options. Might as well try 'diagnose sniffer packet any 'unicorns and rainbows''. That'll probably work just as well!
upvoted 0 times
Chun
24 days ago
User 2: Yeah, that seems like the most relevant option for capturing encrypted phase 2 traffic between the FortiGate devices.
upvoted 0 times
...
Lorrie
1 month ago
User 1: I think option C) diagnose sniffer packet any 'udp port 4500' might be the one to try.
upvoted 0 times
...
...
Percy
2 months ago
Hmm, this is a tricky one. Since there's no NAT device, I'd go with B. 'ip proto 50' should capture the ESP protocol used in IPsec Phase 2.
upvoted 0 times
Candida
29 days ago
User 2: Yeah, 'ip proto 50' should capture the ESP protocol used in IPsec Phase 2.
upvoted 0 times
...
Glenn
1 month ago
User 1: I think B is the right command to capture the encrypted phase 2 traffic.
upvoted 0 times
...
...
Alana
2 months ago
But if there is no NAT device, then UDP port 4500 is used for NAT-T, so C makes more sense.
upvoted 0 times
...
Regenia
2 months ago
D seems like the better option to me. The 'ah' protocol is used for IPsec authentication, so that should capture the encrypted traffic.
upvoted 0 times
Sheridan
29 days ago
User 3: Let's go with option D then.
upvoted 0 times
...
Thora
30 days ago
User 2: I agree, 'ah' is used for IPsec authentication.
upvoted 0 times
...
Filiberto
1 month ago
User 1: I think D is the best choice.
upvoted 0 times
...
...
Fausto
2 months ago
I disagree, I believe the correct answer is A) diagnose sniffer packet any 'udp port 500'.
upvoted 0 times
...
Alana
2 months ago
I think the answer is C) diagnose sniffer packet any 'udp port 4500'.
upvoted 0 times
...
Clay
2 months ago
I'm pretty sure the answer is C. The IPsec protocol uses UDP port 4500 for NAT-T, so that's the correct command to capture the encrypted Phase 2 traffic.
upvoted 0 times
Aleta
2 months ago
C) diagnose sniffer packet any 'udp port 4500'
upvoted 0 times
...
Odelia
2 months ago
B) diagnose sniffer packet any 'ip proto 50'
upvoted 0 times
...
Sharika
2 months ago
A) diagnose sniffer packet any 'udp port 500'
upvoted 0 times
...
...