FCNSP
When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating? A. Common Name B. Organization C. Organizational Unit D. Serial Number E. Validity
A. Common Name
Which of the following features could be used by an administrator to block FTP uploads while still allowing FTP downloads? A. Anti-Virus File-Type Blocking B. Data Leak Prevention C. Network Admission Control D. FortiClient Check
B. Data Leak Prevention
Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'show system ha' for the STUDENT device. Exhibit B shows the command output of 'show system ha' for the REMOTE device. Exhibit A: see exhibit below,,, Exhibit B: see exhibit below,,, Which one of the following is the most likely reason that the cluster fails to form? A. Password B. HA mode C. Hearbeat D. Override
B. HA mode
Which of the following describes the difference between the ban and quarantine actions? A. A ban action prevents future transactions using the same protocol which triggered the ban. A qarantine action blocks all future transactions, regardless of the protocol. B. A ban action blocks the transaction. A quarantine action archives the data. C. A ban action has a finite duration. A quarantine action must be removed by an administrator. D. A ban action is used for known users. A quarantine action is used for unknown users.
A. A ban action prevents future transactions using the same protocol which triggered the ban. A qarantine action blocks all future transactions, regardless of the protocol.
For Data Leak Prevention, which of the following describes the difference between the block and quarantine actions? A. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol. B. A block action prevents the transaction. A quarantine action archives the data. C. A block action has a finite duration. A quarantine action must be removed by an administrator. D. A block action is used for known users. A quarantine action is used for unknown users.
A. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol.
Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 172.11.12.1 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next end Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.) A. All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit. B. As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route. C. The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route. D. The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route. E. Traffic to 172.20.1.0/24 will be shared through both routes.
A. All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit. C. The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.
A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit? A. Any other matched DLP rules will be ignored with the exception of Archiving. B. Future files whose characteristics match this file will bypass DLP scanning. C. The traffic matching the DLP rule will bypass antivirus scanning. D. The client IP address will be added to a white list.
A. Any other matched DLP rules will be ignored with the exception of Archiving.
Which of the following statements are correct regarding Application Control? A. AC is based on the IPS engine. B. AC is based on the AV engine. C. AC can be applied to ssl encrypted traffic D. AC cannot be applied to SSL encrypted traffic
A. Application control is based on the IPS engine. C. Application control can be applied to SSL encrypted traffic.
An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement? A. Apply an application control list which contains a rule for SIP and has the "Limit INVITE Request" option configured. B. Enable Traffic Shaping for the appropriate SIP firewall policy. C. Reduce the session time-to-live value for the SIP protocol by running the configure system session-ttl CLI command. D. Run the set udp-idle-timer CLI command and set a lower time value.
A. Apply an application control list which contains a rule for SIP and has the "Limit INVITE Request" option configured.
Which of the following DLP actions will always be performed if it is selected? A. Archive B. Quarantine Interface C. Ban Sender D. Block E. None F. Ban G. Quarantine IP Address
A. Archive
What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.) A. Enable session pick-up. B. Only applies to connections handled by a proxy. C. Only applies to UDP and ICMP connections. D. Connections must not be handled by a proxy.
A. Enable session pick-up. D. Connections must not be handled by a proxy.
The transfer of encrypted files or the use of encrypted protocols between users and servers on the internet can frustrate the efforts of administrators attempting to monitor traffic passing through the FortiGate unit and ensuring user compliance to corporate rules. Which of the following items will allow the administrator to control the transfer of encrypted data through the FortiGate unit? (Select all that apply.) A. Encrypted protocols can be scanned through the use of the SSL proxy. B. DLP rules can be used to block the transmission of encrypted files. C. Firewall authentication can be enabled in the firewall policy, preventing the use of encrypted communications channels. D. Application control can be used to monitor the use of encrypted protocols; alerts can be sent to the administrator through email when the use of encrypted protocols is attempted.
A. Encrypted protocols can be scanned through the use of the SSL proxy. B. DLP rules can be used to block the transmission of encrypted files. D. Application control can be used to monitor the use of encrypted protocols; alerts can be sent to the administrator through email when the use of encrypted protocols is attempted.
Which of the following DLP actions will override any other action? A. Exempt B. Quarantine Interface C. Block D. None
A. Exempt
The following diagnostic output is displayed in the CLI: diag firewall auth list policy iD. 9, srC. 192.168.3.168, action: accept, timeout: 13427 user: forticlient_chk_only, group: flag (80020): auth timeout_ext, flag2 (40): exact group iD. 0, av group: 0 ----- 1 listed, 0 filtered ------ Based on this output, which of the following statements is correct? A. Firewall policy 9 has endpoint compliance enabled but not firewall authentication. B. The client check that is part of an SSL VPN connection attempt failed. C. This user has been associated with a guest profile as evidenced by the group id of 0. D. An auth-keepalive value has been enabled.
A. Firewall policy 9 has endpoint compliance enabled but not firewall authentication.
Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following: A. FortiGate unit''s encryption certificate used by the SSL proxy. B. FortiGate unit''s signing certificate used by the SSL proxy. C. FortiGuard''s signing certificate used by the SSL proxy. D. FortiGuard''s encryption certificate used by the SSL proxy.
A. FortiGate Unit's encryption certificate used by the ssl proxy.
Which of the following cannot be used in conjunction with the endpoint compliance check? A. HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings. B. Any form of firewall policy authentication. C. WAN optimization. D. Traffic shaping.
A. HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.
An administrator wishes to generate a report showing Top Traffic by service type, but wants to exclude SMTP traffic from the report. Which of the following statements best describes how to do this? A. In the Service field of the Data Filter, type 25/smtp and select the NOT checkbox. B. Add the following entry to the Generic Field section of the Data Filter: service="!smtp". C. When editing the chart, uncheck mlog to indicate that Mail Filtering data is being excluded when generating the chart. D. When editing the chart, enter 'dns' in the Exclude Service field.
A. In the Service field of the Data Filter, type 25/smtp and select the NOT checkbox.
An administrator wishes to generate a report showing Top Traffic by service type. They notice that web traffic overwhelms the pie chart and want to exclude the web traffic from the report. Which of the following statements best describes how to do this? A. In the Service field of the Data Filter, type 80/tcp and select the NOT checkbox. B. Add the following entry to the Generic Field section of the Data Filter: service="!web". C. When editing the chart, uncheck wlog to indicate that Web Filtering data is being excluded when generating the chart. D. When editing the chart, enter 'http' in the Exclude Service field.
A. In the Service field of the Data Filter, type 80/tcp and select the NOT checkbox.
In HA, the option Reserve Management Port for Cluster Member is selected as shown in the Exhibit below. see exhibit below,,, Which of the following statements are correct regarding this setting? (Select all that apply.) A. Interface settings on port7 will not be synchronized with other cluster members. B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface. C. Port7 appears in the routing table. D. A gateway address may be configured for port7. E. When connecting to port7 you always connect to the master device.
A. Interface settings on port7 will not be synchronized with other cluster members. D. A gateway address may be configured for port7.
In which of the following report templates would you configure the charts to be included in the report? A. Layout Template B. Data Filter Template C. Output Template D. Schedule Template
A. Layout Template
Which of the following report templates must be used when scheduling report generation? A. Layout Template B. Data Filter Template C. Output Template D. Chart Template
A. Layout Template
Review the static route configuration for IPsec shown in the Exhibit below; then answer the question following it. see exhibit below,,, Which of the following statements are correct regarding this configuration? (Select all that apply). A. Remote_1 is a Phase 1 object with interface mode enabled B. The gateway address is not required because the interface is a point-to-point connection C. The gateway address is not required because the default route is used D. Remote_1 is a firewall zone
A. Remote_1 is a Phase 1 object with interface mode enabled B. The gateway address is not required because the interface is a point-to-point connection
In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session? A. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server B. Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server C. Request: Internal Host -> Slave FG -> Internet -> Web Server D. Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server
A. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server
In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit? A. Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server B. Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server C. Request: Internal Host; Slave FortiGate; Internet; Web Server D. Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server
A. Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server
Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'diag sys session stat' for the STUDENT device. Exhibit B shows the command output of 'diag sys session stat' for the REMOTE device. Exhibit A: see exhibit below,,, Exhibit B: see exhibit below,,, Given the information provided in the exhibits, which of the following statements are correct? (Select all that apply.) A. STUDENT is likely to be the master device. B. Session-pickup is likely to be enabled. C. The cluster mode is definitely Active-Passive. D. There is not enough information to determine the cluster mode.
A. STUDENT is likely to be the master device. D. There is not enough information to determine the cluster mode.
What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds? A. Sessions can be idle for no more than 1800 seconds. B. The maximum length of time a session can be open is 1800 seconds. C. After 1800 seconds, the end user must reauthenticate. D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.
A. Sessions can be idle for no more than 1800 seconds.
Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies? A. TCP connection B. File attachments C. Message headers D. Message body
A. TCP connection
An administrator is configuring a DLP rule for FTP traffic. When adding the rule to a DLP sensor, the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit. see exhibit below,,, Which of the following is the best explanation for the Ban Sender action NOT being available? A. The Ban Sender action is never available for FTP traffic. B. The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor. C. Firewall policy authentication is required before the Ban Sender action becomes available. D. The Ban Sender action is only available for known domains. No domains have yet been added to the domain list.
A. The Ban Sender action is never available for FTP traffic.
Which of the following statements correctly describe Transparent Mode operation? (Select all that apply.) A. The FortiGate unit acts as transparent bridge and routes traffic using Layer-2 forwarding. B. Ethernet packets are forwarded based on destination MAC addresses NOT IPs. C. The device is transparent to network hosts. D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network. E. All interfaces must be on different IP subnets.
A. The FortiGate unit acts as transparent bridge and routes traffic using Layer-2 forwarding. B. Ethernet packets are forwarded based on destination MAC addresses NOT IPs. C. The device is transparent to network hosts. D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network.
A portion of the device listing for a FortiAnalyzer unit is displayed in the exhibit. see exhibit below,,, Which of the following statements best describes the reason why the FortiGate 60B unit is unable to archive data to the FortiAnalyzer unit? A. The FortiGate unit is considered an unregistered device. B. The FortiGate unit has been blocked from sending archive data to the FortiAnalyzer device by the administrator. C. The FortiGate unit has insufficient privileges. The administrator should edit the device entry in the FortiAnalyzer and modify the privileges. D. The FortiGate unit is being treated as a syslog device and is only permitted to send log data.
A. The FortiGate unit is considered an unregistered device.
A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. see exhibit below,,, Which of the following statements are correct regarding these VDOMs? (Select all that apply.) A. The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes. B. The FortiGate unit must be a model 1000 or above to support multiple VDOMs. C. A license had to be purchased and applied to the FortiGate unit before VDOM mode could be enabled. D. All VDOMs must operate in the same mode. E. Changing a VDOM operational mode requires a reboot of the FortiGate unit. F. An admin account can be assigned to one VDOM or it can have access to all three VDOMs.
A. The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes. F. An admin account can be assigned to one VDOM or it can have access to all three VDOMs.
A firewall policy has been configured for the internal email server to receive email from external parties through SMTP. Exhibits A and B show the AntiVirus and Email Filter profiles applied to this policy. see exhibit below,,, see exhibit below,,, What is the correct behavior when the email attachment is detected as a virus by the FortiGate AntiVirus engine? A. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected. B. The FortiGate unit will reject the infected email and notify both the sender and recipient. C. The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed. D. The FortiGate unit will reject the infected email and notify the sender.
A. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected.
In HA, what is the effect of the Disconnect Cluster Member command as given in the Exhibit. see exhibit below,,, A. The HA mode changes to standalone. B. Port3 is configured with an IP address for management access. C. The Firewall rules are purged on the disconnected unit. D. All other interface IP settings are maintained.
A. The HA mode changes to standalone. B. Port3 is configured with an IP address for management access.
Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it. see exhibit below,,, Which of the following statements are correct regarding this configuration? (Select all that apply). A. The Phase 2 will re-key even if there is no traffic. B. There will be a DH exchange for each re-key. C. The sequence number of ESP packets received from the peer will not be checked. D. Quick mode selectors will default to those used in the firewall policy.
A. The Phase 2 will re-key even if there is no traffic. B. There will be a DH exchange for each re-key.
The following ban list entry is displayed through the CLI. get user ban list id cause src-ip-addr dst-ip-addr expires created 531 protect_client 10.177.0.21 207.1.17.1 indefinite Wed Dec 24 :21:33 2008 Based on this command output, which of the following statements is correct? A. The administrator has specified the Attack and Victim Address method for the quarantine. B. This diagnostic entry results from the administrator running the diag ips log test command. This command has no effect on traffic. C. A DLP rule has been matched. D. An attack has been repeated more than once during the holddown period; the expiry time has been reset to indefinite.
A. The administrator has specified the Attack and Victim Address method for the quarantine.
FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. see exhibit below,,, Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Select all that apply.) A. The administrator should configure inter-VDOM links to avoid using external interfaces and routers. B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links. This provides the same level of security internally as externally. C. This configuration requires the use of an external router. D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached. E. As each VDOM has an independant routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.
A. The administrator should configure inter-VDOM links to avoid using external interfaces and routers. B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links. This provides the same level of security internally as externally. E. As each VDOM has an independant routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.
Review the configuration for FortiClient IPsec shown in the Exhibit below. see exhibit below,,, Which of the following statements is correct regarding this configuration? A. The connecting VPN client will install a route to a destination corresponding to the STUDENT_INTERNAL address object B. The connecting VPN client will install a default route C. The connecting VPN client will install a route to the 172.20.1.[1-5] address range D. The connecting VPN client will connect in web portal mode and no route will be installed
A. The connecting VPN client will install a route to a destination corresponding to the STUDENT_INTERNAL address object
Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below. see exhibit below,,, Which of the following statements are correct regarding this output? (Select all that apply.) A. The connecting client has been allocated address 172.20.1.1. B. In the Phase 1 settings, dead peer detection is enabled. C. The tunnel is idle. D. The connecting client has been allocated address 10.200.3.1.
A. The connecting client has been allocated address 172.20.1.1. B. In the Phase 1 settings, dead peer detection is enabled.
Which of the following statements are correct about the HA diag command diagnose sys ha resetuptime? (Select all that apply.) A. The device this command is executed on is likely to switch from master to slave status if master override is disabled. B. The device this command is executed on is likely to switch from master to slave status if master override is enabled. C. This command has no impact on the HA algorithm. D. This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.
A. The device this command is executed on is likely to switch from master to slave status if master override is disabled. D. This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.
A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM. What would be a possible cause for this problem? A. The dmz interface is referenced in the configuration of another VDOM. B. The administrator does not have the proper permissions to reassign the dmz interface. C. Non-management VDOMs can not reference physical interfaces. D. The dmz interface is in PPPoE or DHCP mode. E. Reassigning an interface to a different VDOM can only be done through the CLI.
A. The dmz interface is referenced in the configuration of another VDOM.
When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit. see exhibit below,,, Which of the following statements is correct regarding this entry? A. The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule. B. The entry displays a ban that was triggered by HTTP traffic matching an IPS signature. This client is banned from receiving or sending any traffic through the FortiGate. C. The entry displays a quarantine, which could have been added by either IPS or DLP. D. This entry displays a ban entry that was added manually by the administrator on June11th.
A. The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule.
SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection? A. The file is buffered by the application proxy. B. The file is buffered by the SSL proxy. C. In the upload direction, the file is buffered by the SSL proxy. In the download direction, the file is buffered by the application proxy. D. No file buffering is needed since a stream-based scanning approach is used for SSL content inspection.
A. The file is buffered by the application proxy.
An MP3 file is renamed to ''workbook.exe'' and put into a ZIP archive. It is then sent through the FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4. Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take? A. The file will be detected by rule #1 as an ''Audio (mp3)'', a log entry will be created and it will be allowed to pass through. B. The file will be detected by rule #2 as a ''*.exe'', a log entry will be created and the interface that received the traffic will be brought down. C. The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created. D. Nothing, the file will go undetected.
A. The file will be detected by rule #1 as an ''Audio (mp3)'', a log entry will be created and it will be allowed to pass through.
With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent. If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.) A. The login event is sent to the Collector Agent. B. The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller. C. The Collector Agent performs the DNS lookup for the authenticated client''s IP address. D. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent.
A. The login event is sent to the Collector Agent. C. The Collector Agent performs the DNS lookup for the authenticated client''s IP address.
Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it. see exhibit below,,, Which of the following statements are correct regarding this configuration? (Select all that apply). A. The phase1 is for a route-based VPN configuration. B. The phase1 is for a policy-based VPN configuration. C. The local gateway IP is the address assigned to port1. D. The local gateway IP address is 10.200.3.1.
A. The phase1 is for a route-based VPN configuration. C. The local gateway IP is the address assigned to port1.
Which of the following statements best decribes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled? A. The proxy buffers the entire file from the client, only sending the file to the server if the file is clean. One possible consequence of buffering is that the server could time out. B. The proxy sends the file to the server while simultaneously buffering it. C. The proxy removes the infected file from the server by sending a delete command on behalf of the client. D. If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server.
A. The proxy buffers the entire file from the client, only sending the file to the server if the file is clean. One possible consequence of buffering is that the server could time out.
Which of the following describes the best custom signature for detecting the use of the word "Fortinet" in chat applications? see exhibit below,,, see exhibit below,,, A. The sample packet trace illustrated in the exhibit provides details on the packet that requires detection. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; -- no_case; ) B. F-SBID( --protocol tcp; --flow from_client; --pattern "fortinet"; --no_case; ) C. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; -- within 20; --no_case; ) D. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; -- within 20; )
A. The sample packet trace illustrated in the exhibit provides details on the packet that requires detection.
When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option. What is a valid reason for using the Full Search option, instead? A. The search items you are looking for are not contained in indexed log fields. B. A quick search only searches data received within the last 24 hours. C. You want the search to include the FortiAnalyzer's local logs. D. You want the search to include content archive data as well.
A. The search items you are looking for are not contained in indexed log fields.
Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it. see exhibit below,,, Which one of the following statements correctly describes this output? A. The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings. B. The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup. C. OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used. D. 172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24.
A. The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings.
Which of the following tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Select all that apply.) A. The web client SSL handshake. B. The web server SSL handshake. C. File buffering. D. Communication with the urlfilter process.
A. The web client SSL handshake. B. The web server SSL handshake.
Review the output of the command get router info routing-table database shown in the Exhibit below; then answer the question following it. see exhibit below,,, Which of the following statements are correct regarding this output? (Select all that apply). A. There will be six routes in the routing table. B. There will be seven routes in the routing table. C. There will be two default routes in the routing table. D. There will be two routes for the 10.0.2.0/24 subnet in the routing table.
A. There will be six routes in the routing table. C. There will be two default routes in the routing table.
Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.) A. They both create separate broadcast domains. B. Port Pairing works only for physical interfaces. C. Forwarding Domains only apply to virtual interfaces. D. They may contain physical and/or virtual interfaces. E. They are only available in high-end models.
A. They both create separate broadcast domains. D. They may contain physical and/or virtual interfaces.
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.) A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units. B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. C. VDOMs share firmware versions, as well as antivirus and IPS databases. D. Only administrative users with a 'super_admin' profile will be able to enter multiple VDOMs to make configuration changes.
A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units. B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. C. VDOMs share firmware versions, as well as antivirus and IPS databases.
Which of the following statements correctly describes the deepscan option for HTTPS? A. When deepscan is disabled, only the web server certificate is inspected; no decryption of content occurs. B. Enabling deepscan will perform further checks on the server certificate. C. Deepscan is only applicable to mail protocols, where all IP addresses in the header are checked. D. With deepscan enabled, archived files will be decompressed before scanning for a more comprehensive file inspection.
A. When deepscan is disabled, only the web server certificate is inspected; no decryption of content occurs.
In Transparent Mode, forward-domain is an attribute of ______________. A. an interface B. a firewall policy C. a static route D. a virtual domain
A. an Interface
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit? A. Packet encryption B. MIB-based report uploads C. SNMP access limits through access lists D. Running SNMP service on a non-standard port is possible
A. packet Encryption
Which of the following items are considered to be advantages of using the application control features on the FortiGate unit? Application control allows an administor to: A. set a unique session-ttl for select applications. B. customize application types in a similar way to adding custom IPS signatures. C. check which applications are installed on workstations attempting to access the network. D. enable AV scanning per application rather than per policy.
A. set a unique session-ttl for select applications.
An administrator has formed a High Availability cluster involving two FortiGate 310B units. [Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ] The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster. Which of the following options describes the best step the administrator can take? The administrator should... A. set up a full-mesh design which uses redundant interfaces. B. increase the number of FortiGate units in the cluster and configure HA in Active-Active mode. C. enable monitoring of all active interfaces. D. configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.
A. set up a full-mesh design which uses redundant interfaces.
In order to load-share traffic using multiple static routes, the routes must be configured with ... A. the same distance and same priority. B. the same distance and the same weight. C. the same distance but each of them must be assigned a unique priority. D. a distance equal to its desired weight for ECMP but all must have the same priority.
A. the same distance and same priority.
Which of the following represents the correct order of criteria used for the selection of a Master unit within a FortiGate High Availability (HA) cluster when master override is disabled? A. 1. port monitor, 2. unit priority, 3. up time, 4. serial number B. 1. port monitor, 2. up time, 3. unit priority, 4. serial number C. 1. unit priority, 2. up time, 3. port monitor, 4. serial number D. 1. up time, 2. unit priority, 3. port monitor, 4. serial number
B. 1. port monitor, 2. up time, 3. unit priority, 4. serial number
In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate unit when searching for a suitable gateway? A. A look-up is done only when the first packet coming from the client (SYN) arrives. B. A look-up is done when the first packet coming from the client (SYN) arrives, and a second is performed when the first packet coming from the server (SYNC/ACK) arrives. C. A look-up is done only during the TCP 3-way handshake (SYNC, SYNC/ACK, ACK). D. A look-up is always done each time a packet arrives, from either the server or the client side.
B. A look-up is done when the first packet coming from the client (SYN) arrives, and a second is performed when the first packet coming from the server (SYNC/ACK) arrives.
The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.) A. An FSAE Collector Agent must be installed on every domain controller. B. An FSAE Domain Controller Agent must be installed on every domain controller. C. The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit. D. The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit. E. For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.
B. An FSAE Domain Controller Agent must be installed on every domain controller. D. The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. Which of the following statements are correct regarding FSSO in a Windows domain environment when NTLM and Polling Mode are not used? (Select all that apply.) A. An FSSO Collector Agent must be installed on every domain controller. B. An FSSO Domain Controller Agent must be installed on every domain controller. C. The FSSO Domain Controller Agent will regularly update user logon information on the FortiGate unit. D. The FSSO Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit. E. For non-domain computers, the only way to allow FSSO authentication is to install an FSSO client.
B. An FSSO Domain Controller Agent must be installed on every domain controller. D. The FSSO Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
Which of the following statements is correct about how the FortiGate unit verifies username and password during user authentication? A. If a remote server is included in a user group, it will be checked before local accounts. B. An administrator can define a local account for which the password must be verified by querying a remote server. C. If authentication fails with a local password, the FortiGate unit will query the authentication server if the local user is configured with both a local password and an authentication server. D. The FortiGate unit will only attempt to authenticate against Active Directory if Fortinet Server Authentication Extensions are installed and configured.
B. An administrator can define a local account for which the password must be verified by querying a remote server.
Select the answer that describes what the CLI command diag debug authd fsso list is used for. A. Monitors communications between the FSSO Collector Agent and FortiGate unit. B. Displays which users are currently logged on using FSSO. C. Displays a listing of all connected FSSO Collector Agents. D. Lists all DC Agents installed on all Domain Controllers.
B. Displays which users are currently logged on using FSSO.
How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.) A. File TypE. Microsoft Office(msoffice) B. File TypE. Archive(zip) C. File TypE. Unknown Filetype(unknown) D. File NamE. "*.ppt", "*.doc", "*.xls" E. File NamE. "*.pptx", "*.docx", "*.xlsx"
B. File TypE. Archive(zip) E. File NamE. "*.pptx", "*.docx", "*.xlsx"
Identify the statement which correctly describes the output of the following command: diagnose ips anomaly list A. Lists the configured DoS policy. B. List the real-time counters for the configured DoS policy. C. Lists the errors captured when compiling the DoS policy.
B. List the real-time counters for the configured DoS policy.
Both the FortiGate and FortiAnalyzer units can notify administrators when certain alert conditions are met. Considering this, which of the following statements is NOT correct? A. On a FortiGate device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two. B. On a FortiAnalyzer device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two. C. Only a FortiAnalyzer device can send the alert notification in the form of a syslog message. D. Both the FortiGate and FortiAnalyzer devices can send alert notifications in the form of an email alert.
B. On a FortiAnalyzer device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.
Examine the Exhibit shown below; then answer the question following it. see exhibit below,,, The Vancouver FortiGate unit initially had the following information in its routing table: S 172.20.0.0/16 [10/0] via 172.21.1.2, port2 C 172.21.0.0/16 is directly connected, port2 C 172.11.11.0/24 is directly connected, port1 Afterwards, the following static route was added: config router static edit 6 set dst 172.20.1.0 255.255.255.0 set pririoty 0 set device port1 set gateway 172.11.12.1 next end Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem? A. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first. B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1. C. The priority is 0, which means that the route will remain inactive. D. The static route configuration is missing the distance setting.
B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1.
Examine the Exhibit shown below; then answer the question following it. see exhibit below,,, In this scenario, the Fortigate unit in Ottawa has the following routing table: S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2 C 172.20.167.0/24 is directly connected, port1 C 172.20.170.0/24 is directly connected, port2 Sniffer tests show that packets sent from the Source IP address 172.20.168.2 to the Destination IP address 172.20.169.2 are being dropped by the FortiGate unit located in Ottawa. Which of the following correctly describes the cause for the dropped packets? A. The forward policy check. B. The reverse path forwarding check. C. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate unit''s routing table. D. The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.
B. The reverse path forwarding check.
Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.) config ips sensor edit "LINUX_SERVER" set comment '' set replacemsg-group '' set log enable config entries edit 1 set action default set application all set location server set log enable set log-packet enable set os Linux set protocol all set quarantine none set severity all set status default next end next end A. The sensor will log all server attacks for all operating systems. B. The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature. C. The sensor will match all traffic from the address object ''LINUX_SERVER''. D. The sensor will reset all connections that match these signatures. E. The sensor only filters which IPS signatures to apply to the selected firewall policy.
B. The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature. E. The sensor only filters which IPS signatures to apply to the selected firewall policy.
Examine the following log message for IPS and identify the valid responses below. (Select all that apply.) 2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="192.168.3.168" dst="192.168.3.170" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood" icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50" A. The target is 192.168.3.168. B. The target is 192.168.3.170. C. The attack was detected and blocked. D. The attack was detected only. E. The attack was TCP based.
B. The target is 192.168.3.170. D. The attack was detected only.
A FortiGate unit is operating in NAT/Route mode and is configured with two Virtual LAN (VLAN) sub-interfaces added to the same physical interface. Which of the following statements is correct regarding the VLAN IDs in this scenario? A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets. B. The two VLAN sub-interfaces must have different VLAN IDs. C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs. D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.
B. The two VLAN sub-interfaces must have different VLAN IDs.
An administrator is examining the attack logs and notices the following entry: device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52 dst=64.64.64.64 src_int=internal serial=0 status=clear_session proto=6 service=http vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protect-servers ref=http://www.fortinet.com/ids/VID100663402 msg="anomaly: tcp_src_session, 2 > threshold 1" policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A user=N/A group=N/A Based solely upon this log message, which of the following statements is correct? A. This attack was blocked by the HTTP protocol decoder. B. This attack was caught by the DoS sensor "protect-servers". C. This attack was launched against the FortiGate unit itself rather than a host behind the FortiGate unit. D. The number of concurrent connections to destination IP address 64.64.64.64 has exceeded the configured threshold.
B. This attack was caught by the DoS sensor "protect-servers".
The diag sys session list command is executed in the CLI. The output of this command is shown in the exhibit. Based on the output from this command, which of the following statements is correct? A. This is a UDP session. B. Traffic shaping is being applied to this session. C. This is an ICMP session. D. This traffic has been authenticated. E. This session matches a firewall policy with ID 5.
B. Traffic shaping is being applied to this session.
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fullymeshed set of IPSec tunnels? (Select all that apply.) A. Using a hub and spoke topology is required to achieve full redundancy. B. Using a hub and spoke topology simplifies configuration because fewer tunnels are required. C. Using a hub and spoke topology provides stronger encryption. D. The routing at a spoke is simpler, compared to a meshed node.
B. Using a hub and spoke topology simplifies configuration because fewer tunnels are required. D. The routing at a spoke is simpler, compared to a meshed node.
Identify the correct properties of a partial mesh VPN deployment:
B. VPN tunnels are not configured between every single location. C. Some locations are reached via a hub location.
Which of the following statements is not correct regarding virtual domains (VDOMs)? A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units. B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. C. A backup management VDOM will synchronize the configuration from an active management VDOM. D. VDOMs share firmware versions, as well as antivirus and IPS databases. E. Only administrative users with a super_admin profile will be able to enter all VDOMs to make configuration changes.
C. A backup management VDOM will synchronize the configuration from an active management VDOM.
Which of the following statements is correct regarding the FortiGuard Services Web Filtering Override configuration as illustrated in the exhibit? see exhibit below,,, A. Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/. B. A client with an IP of address 10.10.10.12 is allowed access to any subdirectory that is part of the www.yahoo.com web site. C. A client with an IP address of 10.10.10.12 is allowed access to the www.yahoo.com/images/ web site and any of its offsite URLs. D. A client with an IP address of 10.10.10.12 is allowed access to any URL under the www.yahoo.com web site, including any subdirectory URLs, until August 7, 2009. E. Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/ until August 7, 2009.
C. A client with an IP address of 10.10.10.12 is allowed access to the www.yahoo.com/images/ web site and any of its offsite URLs.
If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be announced by Border Gateway Protocol (BGP)? A. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Autonomous System Boundary Router (ASBR). B. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Area Border Router (ABR). C. At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings. D. The BGP local AS number must be the same as the OSPF area number of the routes learned that need to be redistributed into BGP. E. By design, BGP cannot redistribute routes learned through OSPF.
C. At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings.
If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Open Shortest Path First (OSPF)? A. The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors. B. The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors. C. At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options. D. The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings. E. At a minimum, the network administrator needs to enable Redistribute Default in the OSPF Advanced Options.
C. At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options.
Bob wants to send Alice a file that is encrypted using public key cryptography. Which of the following statements is correct regarding the use of public key cryptography in this scenario? A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file. B. Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file. C. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file. D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file. E. Bob will use Alice's public key to encrypt the file and Alice will use Bob's public key to decrypt the file.
C. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file.
A FortiGate unit is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root. Which of the following items would an administrator logging in using this account NOT be able to configure? A. Firewall addresses B. DHCP servers C. FortiGuard Distribution Network configuration D. PPTP VPN configuration
C. FortiGuard Distribution Network configuration
Which of the following statements are correct regarding the configuration of a FortiGate unit as an SSL VPN gateway? (Select all that apply.) A. Tunnel mode can only be used if the SSL VPN user groups have at least one Host Check option enabled. B. The specific routes needed to access internal resources through an SSL VPN connection in tunnel mode from the client computer are defined in the routing widget associated with the SSL VPN portal. C. In order to apply a portal to a user, that user must belong to an SSL VPN user group. D. The portal settings specify whether the connection will operate in web-only or tunnel mode.
C. In order to apply a portal to a user, that user must belong to an SSL VPN user group. D. The portal settings specify whether the connection will operate in web-only or tunnel mode.
Shown below is a section of output from the debug command diag ip arp list. index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1 In the output provided, which of the following best describes the IP address 172.20.187.150? A. It is the primary IP address of the port1 interface. B. It is one of the secondary IP addresses of the port1 interface. C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit''s port1 interface.
C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit''s port1 interface.
Which of the following statements is correct regarding the NAC Quarantine feature? A. With NAC quarantine, files can be quarantined not only as a result of antivirus scanning, but also for other forms of content inspection such as IPS and DLP. B. NAC quarantine does a client check on workstations before they are permitted to have administrative access to FortiGate. C. NAC quarantine allows administrators to isolate clients whose network activity poses a security risk. D. If you chose the quarantine action, you must decide whether the quarantine type is NAC quarantine or File quarantine.
C. NAC quarantine allows administrators to isolate clients whose network activity poses a security risk.
Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it. see exhibit below,,, Which one of the following statements is correct regarding this output? A. OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2. B. OSPF Hello packets will be sent on all interfaces of the FortiGate device. C. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks. D. OSPF Hello packets are not sent on point-to-point networks.
C. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.
The eicar test virus is put into a zip archive, which is given the password of ''Fortinet'' in order to open the archive. Review the configuration in the exhibits shown below; then answer the question that follows. Exhibit A '' Antivirus Profile: see exhibit below,,, Exhibit B '' Non-default UTM Proxy Options Profile: see exhibit below,,, Exhibit C '' DLP Profile: see exhibit below,,, Which of one the following profiles could be enabled in order to prevent the file from passing through the FortiGate device over HTTP on the standard port for that protocol? A. Only Exhibit A B. Only Exhibit B C. Only Exhibit C with default UTM Proxy settings. D. All of the Exhibits (A, B and C) E. Only Exhibit C with non-default UTM Proxy settings (Exhibit B).
C. Only Exhibit C with default UTM Proxy settings.
Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.) A. SNMP B. IPSec C. SMTP D. POP3 E. HTTP
C. SMTP D. POP3 E. HTTP
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. config router static edit 1 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 10 set device port1 next edit 2 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 20 set device port2 next end Which of the following statements correctly describes the static routing configuration provided above? A. The FortiGate unit will evenly share the traffic to 172.20.168.0/24 through both routes. B. The FortiGate unit will share the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic. C. The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1. D. Only the route that is using port1 will show up in the routing table.
C. The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1.
Which of the following statements is correct about configuring web filtering overrides? A. The Override option for FortiGuard Web Filtering is available for any user group type. B. Admin overrides require an administrator to manually allow pending override requests which are listed in the Override Monitor. C. The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used. D. Using Web Filtering Overrides requires the use of Firewall Policy Authentication.
C. The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used.
An administrator is examining the attack logs and notices the following entry: type=ips subtype=signature pri=alert vd=root serial=1995 attack_id=103022611 src=69.45.64.22 dst=192.168.1.100 src_port=80 dst_port=4887 src_int=wlan dst_int=internal status=detected proto=6 service=4887/tcp user=N/A group=N/A msg=web_client: IE.IFRAME.BufferOverflow.B Based on the information displayed in this entry, which of the following statements are correct? (Select all that apply.) A. This is an HTTP server attack. B. The attack was detected and blocked by the FortiGate unit. C. The attack was against a FortiGate unit at the 192.168.1.100 IP address. D. The attack was detected and passed by the FortiGate unit.
C. The attack was against a FortiGate unit at the 192.168.1.100 IP address. D. The attack was detected and passed by the FortiGate unit.
Review the IKE debug output for IPsec shown in the Exhibit below. see exhibit below,,, Which one of the following statements is correct regarding this output? A. The output is a Phase 1 negotiation. B. The output is a Phase 2 negotiation. C. The output captures the Dead Peer Detection messages. D. The output captures the Dead Gateway Detection packets.
C. The output captures the Dead Peer Detection messages.
An administrator logs into a FortiGate unit using an account which has been assigned a super_admin profile. Which of the following operations can this administrator perform? A. They can delete logged-in users who are also assigned the super_admin access profile. B. They can make changes to the super_admin profile. C. They can delete the admin account if the default admin user is not logged in. D. They can view all the system configuration settings but can not make changes. E. They can access configuration options for only the VDOMs to which they have been assigned.
C. They can delete the admin account if the default admin user is not logged in.
Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit. see exhibit below,,, Which of the following statements is correct regarding this output? (Select one answer). A. One tunnel is rekeying B. Two tunnels are rekeying C. Two tunnels are up D. One tunnel is up
C. Two tunnels are up.
Based on the web filtering configuration illustrated in the exhibit, see exhibit below,,, which one of the following statements is not a reasonable conclusion? A. Users can access both the www.google.com site and the www.fortinet.com site. B. When a user attempts to access the www.google.com site, the FortiGate unit will not perform web filtering on the content of that site. C. When a user attempts to access the www.fortinet.com site, any remaining web filtering will be bypassed. D. Downloaded content from www.google.com will be scanned for viruses if antivirus is enabled.
C. When a user attempts to access the www.fortinet.com site, any remaining web filtering will be bypassed.
Which of the following statements is correct based on the firewall configuration illustrated in the exhibit? see exhibit below,,, A. A user can access the Internet using only the protocols that are supported by user authentication. B. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. These require authentication before the user will be allowed access. C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services. D. A user cannot access the Internet using any protocols unless the user has passed firewall authentication.
D. A user cannot access the Internet using any protocols unless the user has passed firewall authentication.
Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit? A. Antivirus scanning provides end-to-end virus protection for client workstations. B. Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols. C. Antivirus scanning supports banned word checking. D. Antivirus scanning supports grayware protection.
D. Antivirus scanning supports grayware protection.
A static route is configured for a FortiGate unit from the CLI using the following commands: config router static edit 1 set device "wan1" set distance 20 set gateway 192.168.100.1 next end Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit''s routing table? A. The Administrative Status of the wan1 interface is displayed as Up. B. The Link Status of the wan1 interface is displayed as Up. C. All other default routes should have an equal or higher distance. D. You must disable DHCP client on that interface.
D. You must disable DHCP client on that interface.
Which spam filter is not available on a FortiGate device? A. Sender IP reputation database B. URLs included in the body of known SPAM messages. C. Email addresses included in the body of known SPAM messages. D. Spam object checksums E. Spam grey listing
E. Spam grey listing