NSE 5 – Network Security Analyst — Question 2

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec? (Choose two.)

Answer options

• A. Must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto-negotiated.
• B. Must establish an IPsec tunnel ID and pre-shared key.
• C. IPsec cannot be enabled if SSL is enabled as well.
• D. IPsec is only enabled through the CLI on FortiAnalyzer.

Correct answer: C

Explanation

The correct answer is C, as enabling SSL prevents IPsec from being activated simultaneously. Options A, B, and D are incorrect because they misrepresent the configuration requirements and capabilities of FortiAnalyzer and FortiGate in relation to IPsec tunnels.