TCP Three-Way Handshake Debugging Quiz

Questions and Answers

Which type of packets does the debug flow output capture in this example?

• ARP packets
• UDP packets
• TCP packets (correct)
• ICMP packets

What does the output for the SYN packet show?

• The policy ID (correct)
• The NAT information
• The route to the destination
• The session ID

What does the output of the SYN-Ack and Ack packets show?

• The session ID (correct)
• The policy ID
• The NAT information
• The route to the destination

In what troubleshooting cases is the debug flow tool useful?

When you need to understand why a packet is taking a specific route (C)

What does 'Denied by forward policy check' indicate in the debug flow output?

No firewall policy allows the traffic (B)

What does 'Denied by end point ip filter check' indicate in the debug flow output?

The IP-address has been quarantined by DLP (C)

What can the debug flow help you identify when FortiGate is dropping packets?

The reason for packet loss (A)

What does 'exceeded shaper limit, drop' indicate in the debug flow output?

Packets dropped because of traffic shaping (D)

What does 'Denied by forward policy check' indicate in the debug flow output?

No firewall policy allows the traffic (D)

What can the debug flow tool help you understand?

Why a packet is dropped (D)

Which of the following is a possible reason for a dropped packet due to a traffic shaper exceeding its threshold?

The packet is destined to a FortiGate IP-address but the service is not enabled. (C)

What does the error message 'reverse path check fail, drop' indicate?

The packet failed the reverse path forwarding check. (D)

Which mode of FTP determines who initiates the data channel?

Passive mode (C)

What is the purpose of the control channel in FTP?

To send FTP commands (D)

What is the role of a session helper in network protocols?

To facilitate communication between network devices (B)

Which of the following is NOT a possible reason for a dropped packet destined to a FortiGate IP-address?

The service is using a different TCP port (D)

What is the composition of an FTP file transfer in terms of TCP sessions?

Two TCP sessions: one for the control channel and one for data transfer (A)

In which mode of FTP does the client initiate the data channel?

Passive mode (C)

What is the purpose of the port command in FTP?

To specify the client IP-address and TCP port for the incoming data channel (A)

What can cause a dropped packet not destined to a FortiGate IP-address?

The packet matches a local-in policy with action deny (A)