FCP – FortiWAN and Cloud Security Administrator 7.4 — Question 22
You are troubleshooting network connectivity issues between two VMs deployed in AWS.
One VM is a FortiGate located on the subnet "LAN", which is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers", which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate.
What are two reasons for this? (Choose two.)
Answer options
- A. The firewall in the Windows VM is blocking the traffic.
- B. The default AWS Network Access Control List (NACL) does not allow this traffic.
- C. By default, AWS does not allow ICMP traffic between subnets.
- D. Add an inbound allow ICMP rule in the security group attached to the Windows server.
Correct answer: A, D
Explanation
The correct answers are A and D. The firewall in the Windows VM may be configured to block ICMP traffic, which prevents successful pings. A security group permits only the inbound traffic that its rules explicitly allow, so adding an inbound allow ICMP rule to the security group attached to the Windows server would enable such traffic. Option B is incorrect because, by default, the NACL allows all traffic unless explicitly denied. Option C is misleading because AWS allows ICMP traffic between subnets by default unless configured otherwise.