Q: 5
Which two statements are true about an HA cluster? (Choose two.)
Options
Discussion
Heartbeat IP isn't always fixed so C can be wrong in some cluster configs, but still thinking B and D.
Option B and D, since C is default-only (trap answer), not always true for every HA cluster config.
B/D? Most real configs won't always have heartbeat IP as 169.254.0.2, so C could trip you up if the scenario is default-only. But for "true about HA cluster," B and D are safest picks. Seen similar on other practice sets, anyone got a FortiGate where that's not the case?
B and D, just like Chris said. Link failover covers admin down and the incremental sync does include FIB entries plus IPsec SAs. A and C seem more like distractors here. Pretty confident on these picks but open if someone’s seen it differently in production clusters.
Pretty sure it's B and D. Had something like this in a mock and both were picked as correct.
Had something like this in a mock, it's definitely B and D. Link failover triggers on admin-down (B), and FIB with IPsec SAs do get synced by HA (D). The heartbeat IP in C varies per config, so can't say that's always true. Pretty sure about these picks, but let me know if you see it differently.
Maybe C and D? I figured the heartbeat IP 169.254.0.2 was always visible when sniffing, and D just makes sense for HA sync. Not super confident though, if anyone can confirm or refute.
Probably B and D, saw a very similar question in some exam reports.
Probably B and D. Failover gets triggered if you admin-down a monitored interface (B), and FortiGate HA sync handles FIB entries and IPsec SAs (D). Official docs and practice exams mention both points, so pretty confident here. If you want to double-check, the official admin guide is a good resource.
B/D? Pretty sure those are solid for all cluster configs, but C could sneak in only if the heartbeat IP wasn't changed. Anyone else read docs saying admin-down always causes failover regardless of HA mode?
Be respectful. No spam.
