NSE 8 – Network Security Expert — Question 23

Which three configuration scenarios will result in an IPsec negotiation failure between two FortiGate devices? (Choose three.)

Answer options

• A. mismatched phase 2 selectors
• B. mismatched Anti-Replay configuration
• C. mismatched Perfect Forward Secrecy
• D. failed Dead Peer Detection negotiation
• E. mismatched IKE version

Correct answer: A, C, E

Explanation

Options A, C, and E are correct because mismatches in phase 2 selectors, Perfect Forward Secrecy, and IKE version directly hinder the negotiation process. Option B, while important, does not lead to negotiation failure but rather affects the security of the IPsec tunnel. Option D pertains to monitoring the peer's status and does not directly cause a negotiation failure.