NSE 7 – Network Security Architect — Question 51

An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?

Answer options

• A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.
• B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
• C. Sends a link failed signal to all connected devices.
• D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

Correct answer: A

Explanation

The correct answer is A because enabling the link-failed-signal causes the former primary unit to deactivate its non-heartbeat interfaces briefly, ensuring that traffic is redirected to the new master device. Option B is incorrect as it describes an ARP packet broadcast, which is not what this command does. Option C is misleading because while a signal is sent, it does not describe the specific action taken. Option D is inaccurate as it suggests a longer duration for disabling interfaces, which is not the case here.