Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE7_EFW-7.2 Topic 4 Question 25 Discussion

Actual exam question for Fortinet's NSE7_EFW-7.2 exam
Question #: 25
Topic #: 4
[All NSE7_EFW-7.2 Questions]

Which two statements about ADVPN are true? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C, D

C) The hub adds routes based on IKE negotiations: This is part of the ADVPN functionality where the hub learns about the networks behind the spokes and can add routes dynamically based on the IKE negotiations with the spokes.

D) You must configure phase 2 quick mode selectors to 0.0.0.0 0.0.0.0: This wildcard setting in the phase 2 selectors allows any-to-any tunnel establishment, which is necessary for the dynamic creation of spoke-to-spoke tunnels.

These configurations are outlined in Fortinet's documentation for setting up ADVPN, where the hub's role in route control and the use of wildcard selectors for phase 2 are emphasized to enable dynamic tunneling between spokes.


by Chantell at Sep 13, 2024, 02:01 PM

Limited Time Offer

25%

Off

Get Premium NSE7_EFW-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Solange
3 months ago
B and D for sure! You've got to have all the FortiGate devices in the same AS, and those phase 2 quick mode selectors need to be set to 0.0.0.0 0.0.0.0. Anything else would be a 'route' to failure!
upvoted 0 times
...
Christiane
3 months ago
This exam question is a real 'hub' of activity! I'm going to go with C and D - the hub adding routes based on IKE negotiations, and the phase 2 quick mode selectors being set to 0.0.0.0 0.0.0.0.
upvoted 0 times
...
Glendora
3 months ago
I'm going with C and D. The hub adding routes based on IKE negotiations, and the phase 2 quick mode selectors being set to 0.0.0.0 0.0.0.0 sound like the right choices to me.
upvoted 0 times
Lenny
2 months ago
User1: Yes, those seem to be the most logical choices.
upvoted 0 times
...
Rolland
2 months ago
User3: So, we all agree on C and D as the correct statements about ADVPN.
upvoted 0 times
...
Gracia
2 months ago
User2: I agree, and I also think D is correct because configuring phase 2 quick mode selectors to 0.0.0.0 0.0.0.0 makes sense.
upvoted 0 times
...
Joni
2 months ago
User1: I think C is correct because the hub adds routes based on IKE negotiations.
upvoted 0 times
...
...
Letha
3 months ago
B and D are the true statements. All FortiGate devices need to be in the same autonomous system, and the phase 2 quick mode selectors should be set to 0.0.0.0 0.0.0.0.
upvoted 0 times
Joseph
2 months ago
D) You must configure phase 2 quick mode selectors to 0.0.0.0 0.0.0.0.
upvoted 0 times
...
Sang
2 months ago
B) All FortiGate devices must be in the same autonomous system (AS).
upvoted 0 times
...
Karrie
2 months ago
D) You must configure phase 2 quick mode selectors to 0.0.0.0 0.0.0.0.
upvoted 0 times
...
Alida
2 months ago
C) The hub adds routes based on IKE negotiations.
upvoted 0 times
...
Elli
3 months ago
B) All FortiGate devices must be in the same autonomous system (AS).
upvoted 0 times
...
Dorthy
3 months ago
A) You must disable add-route in the hub.
upvoted 0 times
...
...
Corazon
4 months ago
C and D seem like the correct options. The hub adding routes based on IKE negotiations and configuring phase 2 quick mode selectors to 0.0.0.0 0.0.0.0 make sense to me.
upvoted 0 times
Lisha
3 months ago
Yes, those two statements make the most sense based on how ADVPN works.
upvoted 0 times
...
Stefany
3 months ago
So, we all think C and D are the correct options for ADVPN.
upvoted 0 times
...
Eladia
3 months ago
I agree, D also seems right since configuring phase 2 quick mode selectors to 0.0.0.0 0.0.0.0 is necessary.
upvoted 0 times
...
Meaghan
4 months ago
I think C is correct because the hub adds routes based on IKE negotiations.
upvoted 0 times
...
...
Jeannetta
4 months ago
Hmm, you might be right. I see how that could be a valid point. Thanks for sharing your perspective.
upvoted 0 times
...
Kimberlie
4 months ago
I disagree, I believe statement C is true because the hub adds routes based on IKE negotiations in ADVPN.
upvoted 0 times
...
Jeannetta
4 months ago
I think statement A is true because you need to disable add-route in the hub for ADVPN.
upvoted 0 times
...

Save Cancel