View all questions & answers for the FCSS - Enterprise Firewall 7.4 Administrator Exam Materials exam


Question 19 Discussion

Refer to the exhibit, which contains a partial VPN configuration. What can you conclude from this VPN IPsec phase 1 configuration? (Choose one answer)

  • A. This configuration is the best for networks with regular traffic intervals, providing a balance between connectivity assurance and resource utilization.
  • B. Peer IDs are unencrypted and exposed, creating a security risk.
  • C. FortiGate will not add a route to its routing or forwarding information base when the dynamic tunnel is negotiated.
  • D. A separate interface is created for each dial-up tunnel, which can be slower and more resource intensive, especially in large networks.
Correct Answer: A

Brave-Dump Clients Votes

A 100%

Comments



Brave-Dumps Admin 2025-04-27 12:12:20

Selected Answers: A


set type dynamic
Dynamic → Dial-Up VPN.
The remote peer is the one who initiates the connection, and we often do not know its IP address.

set ike-version 2
Uses IKEv2 → modern, more secure and more efficient.

set net-device disable
A virtual network interface is not created for each connection.

set add-route enable
Route is added automatically after successful connection (add-route enable).


_____________________


B is not correct:
In IKEv1 aggressive mode, peer IDs are unencrypted and exposed, creating a security risk. Conversely, it would have been correct if the configuration were IKEv1, not IKEv2.

C is not correct:
set add-route enable
Route is added automatically after successful connection (add-route enable).

D is not correct:
set net-device disable
It would have been correct if net-device were enabled.

A is correct:
set dpd on-idle

EFW 7.4 page 195 confirms that:
"On-idle mode is best for networks with regular traffic intervals, providing a balance between connectivity assurance and resource utilization."
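As an added example (not part of the original post or of Fortinet's documentation), a small Python checker that parses a `config vpn ipsec phase1-interface` block like the one in the exhibit and maps each tunnel's settings to the conclusions drawn in the answer above. The sample config is constructed, and the fallback values used for settings that are absent (IKEv1, main mode, DPD on-demand) are assumptions about FortiOS defaults.

```python
import re

# Constructed sample, modelled on the settings quoted in the discussion
# (one IKEv2 dial-up tunnel as in the exhibit, one IKEv1 aggressive-mode tunnel).
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "dialup-ikev2"
        set type dynamic
        set ike-version 2
        set net-device disable
        set add-route enable
        set dpd on-idle
    next
    edit "dialup-ikev1-aggr"
        set type dynamic
        set ike-version 1
        set mode aggressive
        set net-device enable
        set add-route disable
    next
end
"""

def parse_phase1(text):
    """Return {tunnel_name: {setting: value}} for each 'edit' block."""
    tunnels, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = tunnels.setdefault(m.group(1), {})
        elif current is not None and line.startswith("set "):
            _, key, value = line.split(None, 2)
            current[key] = value.strip('"')
        elif line == "next":
            current = None
    return tunnels

def assess(s):
    """Map settings to the conclusions above; fallbacks are assumed FortiOS defaults."""
    findings = []
    if s.get("ike-version", "1") == "1" and s.get("mode", "main") == "aggressive":
        findings.append("peer IDs sent unencrypted (IKEv1 aggressive mode)")
    if s.get("net-device", "disable") == "enable":
        findings.append("separate interface created per dial-up tunnel")
    if s.get("add-route", "enable") == "disable":
        findings.append("no route added to RIB/FIB when tunnel negotiated")
    if s.get("dpd", "on-demand") == "on-idle":
        findings.append("DPD on-idle: balanced for regular traffic intervals")
    return findings
```

Running `assess(parse_phase1(SAMPLE_CONFIG)["dialup-ikev2"])` yields only the DPD on-idle finding, matching answer A; the IKEv1 tunnel triggers the three risks described under B, C and D.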