NSE 7 – Network Security Architect — Question 5

Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
# diagnose debug authd fsso list
----FSSO logons----
IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB
The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?

Answer options

• A. The IP address recorded in the logon event for the user STUDENT.
• B. The DNS name resolution for the workstation name INTERNAL2. TRAINING. LAB.
• C. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2. TRAINING. LAB.
• D. The reserve DNS lookup for the IP address 192.168.3.1.

Correct answer: C

Explanation

The correct answer is C because checking the source IP address of the traffic from the workstation will help verify if it corresponds to the IP address associated with the user STUDENT. Options A and B do not directly address the discrepancy in the IP address, while D focuses on reverse DNS lookup, which is not relevant to confirming the actual source of traffic.