Practice Test


How can you modify the security settings of a VPN tunnel created from a template in FortiGate? *Choose a different template for the tunnel *Use the custom tunnel creation option *Convert the template to a custom tunnel *Edit the template directly

*

Which two additional features and settings can you apply to traffic after it is accepted by a firewall policy? (Choose two) *Antivirus scanning *User authentication x *Application control *Packet filtering

Antivirus scanning

Which action can you take to improve the security rating provided by the Fortinet Security Fabric? *Upgrade FortiGate to the latest mature version available *Run the integrity check on all end devices *Apply one or more of the suggested best practices *Create a configuration revision or back up the configuration

Apply one or more of the suggested best practices

Which two steps are involved in configuring web filtering based on FortiGuard category filters? *Create a web filtering security profile using FortiGuard category-based filters *Apply the web filter security profile to the appropriate firewall policy *Identify the specific websites to be blocked or allowed *Upgrade FortiOS to obtain the latest database from FortiGuard

Apply the web filter security profile to the appropriate firewall policy

What is a scenario where automation is used in the Fortinet Security Fabric? *Assigning security ratings to newly added devices *Monitoring disk space utilization on FortiAnalyzer *Generating weekly reports for management review *Automatically quarantining a computer with malicious activity

Automatically quarantining a computer with malicious activity

How can administrators track successful authentication attempts in FortiGate? *By utilizing advanced threat intelligence feeds *By reviewing the logs and dashboards *By analyzing network traffic patterns *By monitoring security events in real-time

By reviewing the logs and dashboards

What are some of the features provided by IPSec VPNs? *Bandwidth optimization and antireplay protection *Data authentication and data integrity *Network segmentation and packet inspection *Data encryption and load balancing

Data authentication and data integrity

Which two options can you use for centralized logging when you configure the Fortinet Security Fabric? (choose two) *FortiSOAR *FortiGate Cloud *Syslog server x *FortiAnalyzer

FortiGate Cloud

Which two configuration settings are global settings? *FortiGuard settings *User & Device settings *HA settings *Firewall policies

HA settings -

Which two security profiles are handled by the IPS engine? *Application Control *IPS *AntiVirus X *Web Filter

IPS -

Which two statements about antivirus scanning in a firewall policy set to proxy-based inspection mode are true? (Choose two) *A file does not need to be buffered completely before it is moved to the antivirus engine for scanning X *FortiGate sends a reset packet to the client if antivirus reports the file as infected *If a virus is detected, a block replacement message is displayed immediately.

If a virus is detected, a block replacement message is displayed immediately. -

Which two items should you configure as the source of a firewall policy, to allow all internal users in a small office to access the internet? (Choose two) *Users or user groups *Application signatures *The IP subnet of the LAN *Security profiles x

Users or user groups

What functionality does FortiGate provide to establish secure connections between a main office and its remote branches, over the internet? *Virtual Private networks *Monitoring and logging *Firewall authentication *Security scanning

Virtual private networks

Which statement about the HA override setting in FortiGate HA clusters is true? *It synchronizes device priority on all cluster members *You must configure override settings manually and separately for each cluster member *It enables monitored ports *It reboots FortiGate

You must configure override settings manually and separately for each cluster member

What is the potential security risk associated with HTTPS? *Increased network latency *Certificate errors during the SSL handshake *Incompatibility with certain web browsers *Encrypted malicious traffic

Encrypted malicious traffic

What is the purpose of firewall policies on FortiGate? *To encrypt network traffic *To block all incoming traffic *To monitor network traffic *To control network traffic

To control network traffic

How are websites filtered using FortiGuard category filters? *By scanning the website for malware in real time *By denying access based on the website IP address *By blocking access based on the website content *By examining the HTTP headers from the website

By blocking access based on the website content

How does FortiGate application control address evasion techniques used by peer-to-peer protocols? *By analyzing flow-based inspection *By examining a URL block list *By monitoring traffic for known patterns *By allowing traffic from only well-known ports

By monitoring traffic for known patterns

Which two statements about advanced AD access mode for the FSSO collector agent are true? (Choose two) *It uses Windows convention for naming; that is, Domain\Username *FortiGate can act as an LDAP client to configure the group filters *It is only supported if DC agents are deployed. *It supports monitoring of nested groups

FortiGate can act as an LDAP client to configure the group filters
It supports monitoring of nested groups

What is a characteristic of a firewall policy used to allow the traffic from Secure Socket Layer Virtual Private Network (SSL VPN)? *It uses a virtual tunnel interface in the source field *It encapsulates the traffic using the VPN settings configured *It defines the port number used for the SSL VPN portal *It assigns SSL certificates to user groups trying to connect

It uses a virtual tunnel interface in the source field

Which two statements about the application control profile mode are true? (Choose two) *It can be selected in either flow-based or proxy-based firewall policy *It cannot be used in conjunction with IPS scanning X *It can scan only unsecure protocols *It uses flow-based scanning techniques, regardless of the inspection mode used

It uses flow-based scanning techniques, regardless of the inspection mode used -

What are two benefits of performing regular maintenance on FortiGate firewalls? *Minimize costs during upgrades *Ensure you have the latest hardware *Prevent security breaches in your organization *Meet compliance and legal requirements

Prevent security breaches in your organization
Meet compliance and legal requirements

Which two statements about FortiGate antivirus databases are true? *The quick scan database is part of the normal database *The extended database is available only if AI scanning is enabled x *The extreme database is available only on certain FortiGate models *The extended database is available on all FortiGate models

The extended database is available on all FortiGate models -

Which two statements correctly describe the differences between IPSec main mode and IPSec aggressive mode? *The first packet of aggressive mode contains the peer ID, while the first packet of main mode does not *Main Mode cannot be used for dialup VPNs, while aggressive mode can *Aggressive mode supports XAuth, while main mode does not *Six packets are usually exchanged during main mode, while only three packets are exchanged during aggressive mode

The first packet of aggressive mode contains the peer ID, while the first packet of main mode does not -

Why is it recommended that you use user groups instead of individual user accounts in a firewall policy? *User groups provide stronger encryption for authentication *User groups contain all individual user accounts by default *User groups make it easier to monitor authenticated users *User groups simplify the firewall configuration

User groups simplify the firewall configuration

What is the security rating in the Fortinet Security Fabric, and how is it calculated? *It indicates the level of compatibility with third-party devices *It represents the current level of network performance *It is calculated based on the number of security logs generated *It is a numerical value based on device settings and best practices

It is a numerical value based on device settings and best practices

What are two consequences of allowing a FortiGate license to expire? (choose two) *Disruption of network services and potential legal issues *Inability to monitor system logs and generate network reports *Loss of access to software updates and technical support *Reduced FortiGate performance and increased vulnerability to security threats x

Loss of access to software updates and technical support

Which actions can you apply to application categories in the Application Control profile? *Monitor, optimize, redirect, or shape *Authenticate, log, encrypt, or back up *Monitor, allow, block, or quarantine *Allow, encrypt, compress, or redirect

Monitor, allow, block, or quarantine

In addition to central processing unit (CPU) and memory usage, what are two other key performance parameters you should monitor on FortiGate? (choose two) *Number of SSL sessions *Number of days for licenses to expire x *Number of active VPN tunnels *Number of local users and user groups

Number of SSL sessions

What is the key difference between SSL certificate inspection and SSL deep inspection? *SSL certificate inspection requires a trusted certificate authority (CA), while SSL deep inspection uses the FortiGate CL certificate *SSL certificate inspection applies to only HTTPS traffic, while SSL deep inspection applies to multiple SSL encrypted protocols *SSL certificate inspection decrypts and inspects encrypted content, while SSL deep inspection verifies the identity of the web server *SSL certificate inspection introduces certificate errors, while SSL deep inspection prevents certificate warnings

SSL certificate inspection applies to only HTTPS traffic, while SSL deep inspection applies to multiple SSL encrypted protocols

Why is SSL inspection necessary for the intrusion prevention system (IPS) to detect threats in encrypted traffic? *Without SSL inspection, encrypted traffic is automatically blocked by IPS *SSL inspection improves network performance by bypassing encrypted traffic *The IPS engine can inspect only legacy encryption algorithms, by default. *SSL inspection allows the IPS to detect and analyze encrypted threats

SSL inspection allows the IPS to detect and analyze encrypted threats

Which statement about traffic flow in an active-active HA cluster is true? *The secondary device responds to the primary device with a SYN/ACK, and then the primary device forwards the SYN/ACK to the client *All FortiGate devices are assigned the same virtual MAC addresses for the HA heartbeat interfaces to redistribute to the sessions. *The SYN packet from the client always arrives at the primary device first. *The ACK from the client is received on the physical MAC address of the primary device

The SYN packet from the client always arrives at the primary device first. -

When configuring a static route on FortiGate, what does the destination represent? *The IP address of the next-hop router *The IP address of the remote DNS server *The local interface on FortiGate for the outgoing traffic *The network or host to which traffic will be forwarded

The network or host to which traffic will be forwarded

Which piece of information does FortiGate know about the user without firewall authentication? *The originating domain name *The source IP address *The user login name *The application being used

The source IP address

FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt. *The user is using a super user admin account *The user was authenticated using passive authentication *The user is using a guest account profile *No matching user account exists for this user

The user was authenticated using passive authentication

What is the purpose of the FortiGuard Labs signature database? *To provide secure configuration templates to FortiGate firewalls *To keep FortiGate firewalls protected against the latest malware variants *To identify and correct vulnerabilities in FortiGate firewalls *To give FortiGate firewalls the ability to track network traffic and usage patterns

To keep FortiGate firewalls protected against the latest malware variants

What are two reasons why organizations and individuals use web filtering? (choose two) *To increase network bandwidth *To prevent network congestion *To preserve employee productivity *To enhance their users' experience

To prevent network congestion
To preserve employee productivity

Why is it important to back up FortiGate System configurations regularly? *To prevent unexpected configuration changes *To save time and effort in case of a hardware failure *To avoid errors while upgrading FortiOS *To ensure optimal performance of FortiGate

To save time and effort in case of a hardware failure

What is grayware? *Unsolicited programs installed without user consent *New and unknown malware variants *Known malware with existing signatures *Malicious files sent to the sandbox for inspection

Unsolicited programs installed without user consent

How does FortiGate handle blocked websites in web filtering using FortiGuard category filters? *Users are prompted to provide a valid username and password for access *Users receive a warning message but can choose to continue accessing the website *Users are allowed to access the website, but their activity is recorded in the FortiGate logs *Users are redirected to a replacement message indicating the website is blocked

Users are redirected to a replacement message indicating the website is blocked
