- All Exams Instant Download
How does strict RPF check work?
An administrator has configured a strict RPF check on FortiGate.
How does strict RPF check work?
A . Strict RPF allows packets back to sources with all active routes.
B . Strict RPF checks the best route back to the source using the incoming interface.
C . Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.
D . Strict RPF check is run on the first sent and reply packet of any new session.
Answer: B
Explanation:
B. Strict RPF checks the best route back to the source using the incoming interface.
Strict: In this mode, Fortigate also verifies that the matching route is the best route in the routing table. That is, if the route in table contains a matching route for the source address and the incoming interface, but there is a better route for the source address through another interface the RPF check fails.
The Strict Reverse Path Forwarding (RPF) check is a security feature that helps prevent source IP address spoofing. When enabled, the FortiGate unit checks the source IP address of each incoming packet and compares it to the routing table to ensure that the packet arrives on the expected interface. Here’s an explanation of the statement:
B. Strict RPF checks the best route back to the source using the incoming interface.
When the FortiGate unit receives a packet, it checks the source IP address and verifies that the packet arrives on the expected interface based on the routing table. The "best route back to the source" refers to the route in the routing table that would be used to send packets back to the source IP address. If the incoming interface matches the expected interface based on the routing table, the check passes. If not, the packet may be considered as potentially spoofed, and it might be dropped or subjected to further security measures.
This strict RPF check helps in preventing IP address spoofing, which is a common technique used in various network attacks.
Loose RPF checks for any route and Strict RPF check for best route
Latest FCP_FGT_AD-7.4 Dumps Valid Version with 200 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
Subscribe
Login
0 Comments
