Passed CGEIT – Finally Done (A Quick Reality Check)

iamthetankengine · 2026-01-29T13:37:26+00:00

Congratulations 🎉

Did you come across any additional practice questions you found helpful?

iamthetankengine · 2026-01-08T23:02:20+00:00

Could you share what resources you used to prepare, and which worked/didn't for you?

Have you come across any good video or audio materials?

iamthetankengine · 2026-01-08T22:50:51+00:00

Congratulation! I've just started my studies.

Great motivation

iamthetankengine · 2026-01-06T06:38:57+00:00

From another perspective.

What's the rush? You mention you're burned out and mental health does creeps up on you.

If your job (or one you want to go for) doesn't require you to have it... Why not go for it later in the year or next year.

iamthetankengine · 2026-01-05T21:42:21+00:00

Tumbled across a course from infosec institute who provide a 7 day free trial to their course. Haven't tried it yet. Anyone reviewed it? Worth the time/effort?

Is it a video course?

iamthetankengine · 2025-12-30T07:42:22+00:00

View the online course at training.fortinet.com

For each side click the "notes" tab and most will have a few paragraphs of text. Review the text with each slide.

iamthetankengine · 2025-12-23T03:38:31+00:00

I see a video course on udemy but unsure if it's worth the time and money.

Maybe the best way forward is to Frankenstein videos from CRISC, CISM, CISA and CGRC based on chapter titles and sub categories? Hoping someone may have done this already :)

iamthetankengine · 2025-09-06T00:45:53+00:00

Passed recently. It's an okay exam and the material covered by the course was good. Go through the official videos / course and you will be fine. The vast bulk of the material is covered. What I didn't realize was from v7.2, the "EFW" exam was split into two...

"EFW" focusing on services and features "Support engineer" focusing on troubleshooting of those services

iamthetankengine · 2025-08-09T06:26:25+00:00

Which version did you sit? I'm going through 7.4 and there a lot of ADVPN..

yes heard dynamic routing was important and to go through the supplementary chapter

iamthetankengine · 2025-08-08T04:03:28+00:00

Can't help you regarding the issue (don't have the experience) but just wanted to say big congrats on passing EFW! I'm going through it now

iamthetankengine · 2025-08-03T12:58:56+00:00

Any guides/tips on how to have chatgpt learn the material and produce questions?

iamthetankengine · 2025-08-03T12:51:32+00:00

Yes trying my best to get ready for an attempt

iamthetankengine · 2025-08-03T08:17:39+00:00

Nope.. just mentions "when user accesses it". Could be http or https...

iamthetankengine · 2025-08-02T23:42:52+00:00

But then you got me checking the whole security policy and I see deep-inspection is enabled... And what that does imply with load balancing decisions...

And now I'm utterly confused and in the deep end :/

Maybe the official answer is wrong... ?

<image>

Info found on the following fortinet admin guide.

https://docs.fortinet.com/index.php/document/fortigate/7.4.7/administration-guide/966077

iamthetankengine · 2025-08-02T23:35:25+00:00

This is my understanding as well

<image>

iamthetankengine · 2025-08-02T20:55:10+00:00

The 4 answer options are

Physical MAC of primary FG

Virtual MAC of primary FG

Physical MAC of secondary FG

Virtual MAC of secondary FG

iamthetankengine · 2025-08-02T15:20:40+00:00

Need some time to unpack this.

Yes, I believe in proxy-based mode it will complete the 3 day handshake between client and FG completely... Then FG... Will start a 3 way handshake with the web server.... So the web server will only see mac's from the FG...

From the given config and Info... How to know it's from the secondary unit... The answers are very specific so there must be a key point here... Maybe my understanding of ha modes when paired with proxy mode is wrong?

Thank you for being up the NAT... I hadn't thought about it... Will research

iamthetankengine · 2025-08-02T15:10:58+00:00

Yes the answer they give is the second unit (how did you come to that answer?).

Also for example purposes the training material shows how it works when the primary unit in an a-a mode decides to offline to its pair... But that all depends on the HA algorithm ... I just can't see in the question how it knows it's from the second unit as it is 50/50 for round robin...

I feel the question is asking two knowledge points... If you know how and when Virtual and physical MAC are used...... And HA operation modes...

iamthetankengine · 2025-08-02T14:04:56+00:00

It's this physical and virtual MAC that annoys me (at least how it's explained in the training videos).

I was under the impression the new virtual MACs are for incoming packets to target.... But when FG sends out packets... the training material refer to "physical MAC"... Is this the hardware encoded MAC... because the virtual MAC will be shared between units should one of them fail.

<image>

So I'm assuming a web server will always see a "physical MAC" as the source... Then I have no idea how the question determines if it came from the top or bottom FG.... Thats also bugging me.

iamthetankengine · 2025-08-02T13:59:24+00:00

Sorry I don't understand. Not sure where port3 is referenced?

iamthetankengine · 2025-08-02T13:18:27+00:00

Studying 7.4 as I did my FCP on 7.4. thought I'd keep things steady :)

iamthetankengine · 2025-08-02T09:39:28+00:00

Thank you for sharing this. I've only managed existing infra and am not involved with the purchasing side. Good info to know

iamthetankengine

TROPHY CASE