NSE 6 – FortiSwitch 7.2 — Question 41

Which two statements about DHCP snooping enabled on a FortiSwitch VLAN are true? (Choose two.)

Answer options

• A. Settings related to DHCP option 82 are only configurable through the CLI.
• B. Enabling DHCP snooping on a FortiSwitch VLAN ensures requests and replies are seen by all DHCP servers.
• C. By default, all FortiSwitch ports are set to forward client DHCP requests to untrusted ports.
• D. switch-controller-dhcp-snooping-verify-mac verifies the destination MAC address to protect against DHCP exhaustion attacks.

Correct answer: A, C

Explanation

The correct answer is A and C because settings related to DHCP option 82 are indeed only configurable through the CLI, and by default, FortiSwitch ports are set to forward client requests to untrusted ports. Option B is incorrect as enabling DHCP snooping does not ensure visibility of requests and replies to all DHCP servers, and option D is misleading as it does not specifically address the functionality of DHCP snooping verification.