NSE 7 – Zero Trust Access 7.2 — Question 19
An administrator wants to prevent direct host-to-host communication at layer 2 and use only FortiGate to inspect all the VLAN traffic.
What three things must the administrator configure on FortiGate to allow traffic between the hosts? (Choose three.)
Answer options
- A. Block intra-VLAN traffic in the VLAN interface settings.
- B. Add the VLAN interface to a software switch.
- C. Configure static routes to allow subnets.
- D. Configure a firewall policy to allow the desired traffic between hosts.
- E. Configure proxy ARP to allow traffic.
Correct answer: A, D, E
Explanation
Options A, D, and E are correct: blocking intra-VLAN traffic ensures that all communication goes through FortiGate, a firewall policy allows the desired traffic between hosts, and proxy ARP lets the hosts still reach each other through FortiGate. Options B and C relate to network configuration, but they do not help prevent direct host-to-host communication or ensure that FortiGate inspects the traffic.