FCSS – Network Security Specialist 7.6 — Question 14

What are two reasons you might see iprope_in_check() check failed, drop when using the debug flow? (Choose two.)

Answer options

• A. The packet was dropped because the trusted host list is misconfigured.
• B. The packet was dropped because it is not allowed by any firewall policy.
• C. The packet was dropped because the requested service is not enabled on FortiGate.
• D. The packet was dropped because there is no route to the source.

Correct answer: B, C

Explanation

The correct answers B and C indicate that the packet was either not permitted by the firewall policies or that the service it was trying to access was not enabled, both of which can lead to a drop. Options A and D do not apply as they relate to misconfigurations and routing issues, which are not the primary reasons for the iprope_in_check() failure in this context.