NSE 4 – FortiGate 7.2 — Question 104

An administrator has configured a strict RPF check on FortiGate.
How does strict RPF check work?

Answer options

• A. Strict RPF allows packets back to sources with all active routes.
• B. Strict RPF checks the best route back to the source using the incoming interface.
• C. Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.
• D. Strict RPF check is run on the first sent and reply packet of any new session.

Correct answer: B

Explanation

The correct answer is B because strict RPF verifies the best route back to the source based on the incoming interface, ensuring that packets are only accepted if they arrive via the interface that corresponds to the best route. Options A and C misinterpret the function of strict RPF by suggesting it allows packets based on all active routes or merely the existence of any route, which is incorrect. Option D describes the checking process inaccurately by implying it only occurs on new session packets.