FCP – FortiWAN and Cloud Security Administrator 7.4 — Question 20
A customer has deployed FortiGate Cloud-Native Firewall (CNF).
Which two statements are correct about policy sets? (Choose two.)
Answer options
- A. There is an implicit deny rule at the bottom of the policy set.
- B. The policy set must be manually synchronized to the CNF instance each time it is modified.
- C. A new policy set is created with each deployed CNF instance.
- D. Multiple policy sets can be applied to a single CNF instance.
Correct answer: A, C
Explanation
Option A is correct because policy sets inherently include an implicit deny rule to ensure that any unspecified traffic is blocked. Option C is also correct since a new policy set is indeed created for every CNF instance deployed. Options B and D are incorrect because policy sets do not need to be manually synchronized after each change, and only one policy set can be active at a time for a given CNF instance.