Exam FCP_WCS_AD-7.4 Topic 4 Question 5 Discussion
Actual exam question for Fortinet's FCP_WCS_AD-7.4 exam
Question #: 5
Topic #: 4
Question #: 5
Topic #: 4
You are troubleshooting network connectivity issues between two VMs deployed in AWS.
One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate.
What are two reasons for this? (Choose two.)
One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate.
What are two reasons for this? (Choose two.)
Suggested Answer: A,D Vote an answer
Windows Firewall Blocking Traffic:
The firewall on the Windows VM might be configured to block incoming ICMP traffic (ping requests). By default, Windows Firewall is set to block ICMP traffic, which could be a reason for the connectivity issue (Option A).
Security Group Configuration:
AWS Security Groups act as virtual firewalls for instances. If there is no rule allowing ICMP traffic in the security group attached to the Windows server, the ping requests from FortiGate will be blocked. An inbound allow ICMP rule must be added to the security group to permit this traffic (Option D).
Other Options Analysis:
Option B is incorrect because the default AWS Network Access Control List (NACL) allows all inbound and outbound traffic.
Option C is incorrect as AWS does allow ICMP traffic between subnets if properly configured with Security Groups and NACLs.
Reference:
AWS Security Groups: AWS Security Groups
Windows Firewall Configuration: Windows Firewall
The firewall on the Windows VM might be configured to block incoming ICMP traffic (ping requests). By default, Windows Firewall is set to block ICMP traffic, which could be a reason for the connectivity issue (Option A).
Security Group Configuration:
AWS Security Groups act as virtual firewalls for instances. If there is no rule allowing ICMP traffic in the security group attached to the Windows server, the ping requests from FortiGate will be blocked. An inbound allow ICMP rule must be added to the security group to permit this traffic (Option D).
Other Options Analysis:
Option B is incorrect because the default AWS Network Access Control List (NACL) allows all inbound and outbound traffic.
Option C is incorrect as AWS does allow ICMP traffic between subnets if properly configured with Security Groups and NACLs.
Reference:
AWS Security Groups: AWS Security Groups
Windows Firewall Configuration: Windows Firewall
by Riva at Dec 28, 2024, 09:19 PM
Contact Us
If you have any question please leave me your email address, we will reply and send email to you in 12 hours.
Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday
Support: Contact now
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).