NSE 4 – FortiGate 6.2 — Question 48

Which statement about the firewall policy authentication timeout is true?

Answer options

• A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.
• B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.
• C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.
• D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

Correct answer: A

Explanation

The correct answer is A because the authentication timeout is indeed an idle timeout based on the absence of packets from the user's source IP. Options B, C, and D incorrectly describe the timeout as hard or relate it to the user's source MAC instead of the source IP, which is not accurate.