NSE 4 – FortiGate 7.0 — Question 79

An administrator has configured a strict RPF check on FortiGate.
Which statement is true about the strict RPF check?

Answer options

• A. The strict RPF check is run on the first sent and reply packet of any new session.
• B. Strict RPF checks the best route back to the source using the incoming interface.
• C. Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.
• D. Strict RPF allows packets back to sources with all active routes.

Correct answer: B

Explanation

The correct answer is B because strict RPF verifies that the best route to the source matches the incoming interface. Option A is incorrect as the check is not limited to the first packet of a session. Option C is misleading since strict RPF requires the best route, not just any active route. Option D is incorrect because strict RPF does not allow packets from sources with multiple routes.