Fortinet Exam FCSS_EFW_AD-7.6 Topic 1 Question 5 Discussion

Actual exam question for Fortinet's FCSS_EFW_AD-7.6 exam

Question #: 5
Topic #: 1

[All FCSS_EFW_AD-7.6 Questions]

An administrator is checking an enterprise network and sees a suspicious packet with the MAC address e0:23:ff:fc:00:86.

What two conclusions can the administrator draw? (Choose two.)

AThe suspicious packet is related to a cluster that has VDOMs enabled.

BThe network includes FortiGate devices configured with the FGSP protocol.

CThe suspicious packet is related to a cluster with a group-id value lower than 255.

DThe suspicious packet corresponds to port 7 on a FortiGate device.

Show Suggested Answer

Suggested Answer: A, C

The MAC address e0:23:ff:fc:00:86 follows the format used in FortiGate High Availability (HA) clusters. When FortiGate devices are in an HA configuration, they use virtual MAC addresses for failover and redundancy purposes.

The suspicious packet is related to a cluster that has VDOMs enabled: FortiGate devices with Virtual Domains (VDOMs) enabled use specific MAC address ranges to differentiate HA-related traffic. This MAC address is likely part of that mechanism.

The suspicious packet is related to a cluster with a group-id value lower than 255: FortiGate HA clusters assign virtual MAC addresses based on the group ID. The last octet (00:86) corresponds to a group ID that is below 255, confirming this option.

by Laurel at Oct 08, 2025, 12:02 AM

Limited Time Offer

25%

1 months ago

I'm not too sure about this one. The MAC address doesn't seem to give me any clear clues to go on.

upvoted 0 times

...