An administrator must ensure that users cannot access sites containing malware and spyware, while also protecting them from phishing attempts.
What is the most resource-efficient method to block access to these sites?
- A . Enable antivirus profiles to scan all web traffic and block downloads from these malicious sites.
- B . Configure FortiGuard Web Filtering and block the categories malware, spyware, and phishing to prevent access to such sites.
- C . Create a custom IPS policy to monitor and block all outbound traffic related to malware, spyware, and phishing sites.
- D . Set up a DNS filter and block domains related to these categories to stop users from reaching malicious content.
What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?
- A . av-failopen
- B . mem-failopen
- C . utm-failopen
- D . ips-failopen
Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=masterdevice_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."
What does the log mean?
- A . There is not enough available memory in the system to create a new entry in the NAT port table.
- B . The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
- C . FortiGate does not have any available NAT port for a new connection.
- D . The limit for the maximum number of entries in the NAT port table has been reached.
Refer to the exhibit, which contains partial output from an IKE real-time debug.
The administrator does not have access to the remote gateway.
Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?
- A . In the phase 1 network configuration, set the IKE version to 2.
- B . In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.
- C . In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.
- D . In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.
Refer to the exhibit, which shows a partial web filter profile configuration.
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?
- A . FortiGate will block the connection, based on the FortiGuard category based filter configuration.
- B . FortiGate will block the connection as an invalid URL.
- C . FortiGate will exempt the connection, based on the Web Content Filter configuration.
- D . FortiGate will allow the connection, based onthe URL Filter configuration.
Refer to the exhibit, which shows partial outputs from two routing debug commands.
Why is the port2 default route not in the second command output?
- A . The port2 interface is disabled in the FortiGate configuration.
- B . The port1 default route has a lower distance than the default route using port2.
- C . The port1 default route has a higher priority value than the default route using port2.
- D . The port1 default route has a lower priority value than the default route using port2.
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
- A . FortiManager can download and maintain local copies of FortiGuard databases.
- B . FortiManager supports only FortiGuard push to managed devices.
- C . FortiManager will respond to update requests only if they originate from a managed device.
- D . FortiManager does not support rating requests.
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration.
The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
- A . Phase1; IKE mode configuration; XAuth; phase 2.
- B . Phase1; XAuth; IKE mode configuration; phase2.
- C . Phase1; XAuth; phase 2; IKE mode configuration.
- D . Phase1; IKE mode configuration; phase 2; XAuth.
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.
Based on the output, which of the following statements is correct?
- A . Anti-replay is enabled.
- B . DPD is disabled.
- C . Quick mode selectors are disabled.
- D . Remote gateway IP is 10.200.5.1.
Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?
- A . Only the DR receives link state information from non-DR routers.
- B . Non-DR and non-BDR routers form full adjacencies to DR only.
- C . Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.
- D . FortiGate first checks the OSPF ID to elect a DR.
Which two statements about application layer test commands are true? (Choose two.)
- A . They are used to filter real-time debugs.
- B . They display real-time application debugs.
- C . Some of them can be used to restart an application.
- D . Some of them display statistics and configuration information about a feature or process.
Refer to the exhibit, which shows the output of a diagnose command.
What can you conclude from the output shown in the exhibit? (Choose two.)
- A . This is a pinhole session created to allow traffic for a protocol that requires additional sessions to operate through FortiGate.
- B . This is an expected session created by the IPS engine.
- C . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.200.1.1.
- D . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.0.1.10.
When investigating FortiGuard connectivity issues, which action is a valid troubleshooting step?
- A . Configure a virtual IP to forward port 443 to the FortiGate external IP.
- B . Verify management VDOM internet access.
- C . Use the FortiGuard real-time debug command to verify rating requests.
- D . Verify that DNS requests are being proxied, if auto-update tunneling is enabled.
In which two states is a given session categorized as ephemeral? (Choose two.)
- A . A TCP session waiting to complete the three-way handshake.
- B . A TCP session waiting for FIN ACK.
- C . A UDP session with packets sent and received.
- D . A UDP session with only one packet received.
Refer to the exhibit, which contains the partial output of an IKE real-time debug.
Why did the tunnel not come up?
- A . The pre-shared keys do not match
- B . The remote gateway phase 1 configuration does not match the local gateway phase 1 configuration.
- C . The remote gateway phase 2 configuration does not match the local gateway phase 2 configuration.
- D . The remote gateway is using aggressive mode and the local gateway is configured to use main mode.
Which statement about administrative domains (ADOMs) on FortiManager is true?
- A . The number of configurable ADOMs is based on the FortiManager FortiCare service contract.
- B . The ADOM feature can be enabled by any administrative user.
- C . FortiGate devices with multiple VDOMs must be assigned to the same ADOM on FortiManager.
- D . ADOMs allow grouping of managed devices based on management criteria and administrative access.
Refer to the exhibits.
The exhibits show a network diagram, the output from the command config system ha, and a firewall policy.
What source MAC address does the web server detect when a user accesses it?
- A . The virtual MAC address of FortiGate B.
- B . The physical MAC address of FortiGate B.
- C . The virtual MAC address of FortiGate A.
- D . The physical MAC address of FortiGate A.
Which two statements about the Security Fabric are true? (Choose two.)
- A . Only the root FortiGate collects network information and forwards it to FortiAnalyzer.
- B . Branch FortiGate devices must be configured first.
- C . FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.
- D . All FortiGate devices in the Security Fabric must have bidirectional FortiTelemetry connectivity.
Examine the output from the ‘diagnose debug authd fsso list’ command; then answer the question below.
# diagnose debug authd fsso list–FSSO logons-IP: 192.168.3.1 User: STUDENT Groups:TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?
- A . The IP address recorded in the logon event for the user STUDENT.
- B . The DNS name resolution for the workstation name INTERNAL2. TRAINING. LAB.
- C . The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2. TRAINING. LAB.
- D . The reserve DNS lookup forthe IP address 192.168.3.1.
Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router.
The second unit is elected as the backup designated router.
Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?
- A . 1
- B . 2
- C . 3
- D . 4
An administrator has enabled HA session synchronization in a HA cluster with two members.
Which flag is added to a primary unit’s session to indicate that it has been synchronized to the secondary unit?
- A . redir.
- B . dirty.
- C . synced
- D . nds.
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
- A . Installing configuration changes to managed devices.
- B . Importing interface mappings from managed devices.
- C . Adding devices to FortiManager.
- D . Previewing pending configuration changes for managed devices.
Refer to the exhibit, which contains a session table entry.
Which statement about FortiGate inspection of this session is true?
- A . FortiGate applied proxy-based inspection.
- B . FortiGate applied flow-based NGFW policy-based inspection.
- C . FortiGate applied flow-based inspection.
- D . FortiGate forwarded this session without any inspection.
An LDAP user cannot authenticate against a FortiGate device.
Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.
Based on the output in the exhibit, what can cause this authentication problem?
- A . The FortiGate has been configured with the wrong password for the LDAP administrator.
- B . User student is using a wrong password.
- C . User student is not found in the LDAP server.
- D . The FortiGate has been configured with the wrong authentication schema.
Refer to the exhibit, which contains the output of a web filtering diagnose command.
Which statement explains why the cache statistics are all zeros?
- A . The FortiGate web filter cache is disabled in the FortiGate configuration.
- B . FortiGate is using flow-based inspection which does not use the cache.
- C . The administrator has reallocated the cache memory to a separate process.
- D . There are no users making web requests.
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?
- A . auto-discovery-receiver
- B . auto-discovery-forwarder
- C . auto-discovery-shortcut
- D . auto-discovery-sender
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates,
What command should the administrator execute?
- A . diagnose sniffer packet any ‘udp port 500’
- B . diagnose sniffer packet any ‘udp port 4500’
- C . diagnose sniffer packet any ‘esp’
- D . diagnose sniffer packet any ‘udp port 500 or udp port 4500’
What are two impacts on applications if adjusting the TCP Maximum Segment Size (MSS) on FortiGate? (Choose two.)
- A . The MSS configuration is prone to errors since it requires a thorough understanding of the network path.
- B . The packet count increases adding unnecessary TCP headers when the MSS value is increased.
- C . The overall data throughput is decreased when there is a decrease in MSS value.
- D . The network efficiency improves when there is a decrease in MSS value.
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?
- A . FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.
- B . FortiGate limits the total number of simultaneous explicit web proxy users.
- C . FortiGate limits the number of simultaneous sessions per explicit web proxy user. The limit CAN be modified by the administrator.
- D . FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.
Which statement about memory conserve mode is true?
- A . A FortiGate exits conserve mode when the configured memory use threshold reaches yellow.
- B . A FortiGate Starts dropping all the new and old sessions when the configured memory use threshold reaches extreme.
- C . A FortiGate starts dropping new sessions when the configured memory use threshold reaches red
- D . A FortiGate enters conserve mode when the configured memory use threshold reaches red
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.
Why didn’t the tunnel come up?
- A . IKE mode configuration is not enabled in the remote IPsec gateway.
- B . The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.
- C . The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.
- D . One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.
When investigating FortiGuard connectivity issues, which of the following is a valid troubleshooting step?
- A . Verify management VDOM’s internet access.
- B . Verify DNS requests are being proxied if auto-update tunneling is enabled.
- C . Use the FortiGuard real-time debug command to verify rating requests.
- D . Configure a virtual IP to forward port 443 to FortiGate’s external IP.
Refer to the exhibit, which shows the output of a diagnose command
What can you conclude from the RTT value?
- A . Its value is incremented with each packet lost.
- B . Its initial value is statically set to 10.
- C . It determines which FortiGuard server is used for license validation.
- D . Its value represents the time it takes to receive a response after a rating request is sent to a particular server.
Examine the following routing table and BGP configuration; then answer the question below.
The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24.
Which configuration change will make the local peer advertise this prefix?
- A . Enable the redistribution of connected routers into BGP.
- B . Enable the redistribution of static routers into BGP.
- C . Disable the setting network-import-check.
- D . Enable the setting ebgp-multipath.
What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)
- A . Reduce the session time to live.
- B . Increase the TCP session timers.
- C . Increase the FortiGuard cache time to live.
- D . Reduce the maximum file size to inspect.
Refer to the exhibit, which shows the output of a web filtering diagnose command.
Which configuration change would result in non-zero results in the cache statistics section?
- A . set server-type rating under config system central-management
- B . set webfilter-cache enable under config system fortiguard
- C . set webfilter-force-off disable under config system fortiguard
- D . set ngfw-mode policy-based under config system settings
Refer to the exhibit, which contains a partial routing table.
Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)
- A . Source IP address 10.1.0.24, Destination IP address 10.72.3.20.
- B . Source IP address 10.72.3.52, Destination IP address 10.1.0.254.
- C . Source IP address 10.72.3.27, Destination IP address 10.1.0.52.
- D . Source IP address 10.73.9.10, Destination IP address 10.72.3.15.
Which three conditions are required for two FortiGate devices to form an OSP adjacency? (Choose three.)
- A . OSPF costs match
- B . OSPF peer IDs match
- C . Hello and dead intervals match
- D . OSPF IP MTUs match
- E . IP addresses are in the same subnet
Refer to the exhibit, which shows partial outputs from two routing debug commands.
Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?
- A . Set the priority of the static default route using port1 to 10.
- B . Set the priority of the static default route using port2 to 1.
- C . Set preserve-session-route to enable.
- D . Set snat-route-change to enable.
Examine the partial output from two web filter debug commands; then answer the question below:
Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?
- A . Finance and banking
- B . General organization.
- C . Business.
- D . Information technology.
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
- A . Neighbor range
- B . Route reflector
- C . Next-hop-self
- D . Neighbor group
Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below.
Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?
- A . diagnose sniffer packet any ‘port 500’
- B . diagnose sniffer packet any ‘esp’
- C . diagnose sniffer packet any ‘host 10.0.10.10’
- D . diagnose sniffer packet any ‘port 4500’
Refer to the exhibit, which shows the output of a debug command.
Which two statements about the output are true? (Choose two.)
- A . In the network connected to port 4, two OSPF routers are down.
- B . Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.5.
- C . Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.6.
- D . There are a total of 5 OSPF routers attached to the Port4 network segment.
View the exhibit, which contains the output of a diagnose command, and then answer the question below.
What statements are correct regarding the output? (Choose two.)
- A . This is an expected session created by a session helper
- B . Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10
- C . Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
- D . This is an expected session created by an application control profile.
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.
Based on the output, which two statements are correct? (Choose two.)
- A . Phase 2 authentication is set to sha1 on both sides.
- B . Hub2Spoke1 is configured on interface wan2.
- C . Anti-replay is disabled.
- D . Hub2Spoke1 is a policy-based VPN.
Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
- A . BGP peers have successfully inter changed Open and Keep alive messages.
- B . Local BGP peer received a prefix for a default route.
- C . The state of the remote BGP peer is Open Confirm.
- D . The state of the remote BGP peer will go to Connect after it confirms the received prefixes.
Which of the following troubleshooting steps is applicable when investigating antivirus and IPS update issues on FortiGate?
- A . Use the alternate service port 8888.
- B . Validate DNS resolution for update.fortiguard.net.
- C . Verify outbound ICMP connectivity.
- D . Use the diagnose debug rating command to check active servers.
Which layer of the FortiOS architecture does an application process or daemon run on?
- A . User space
- B . Configuration layer
- C . Kernel
- D . Hardware
View the exhibit, which contains the output of a real-time debug, and then answer the question below.
Which one of the following statements describes why the update is failing?
- A . The update should be using port 53 or port 8888, instead of port 443.
- B . FortiGate is unable to resolve the required FQDN (service.fortiguard.net) for AV and IPS updates.
- C . FortiGate is unable to establish a TCP connection with FDS.
- D . The administrator should use the execute update-wf command instead.
Which of the following tasks are part of the manual registration process for adding a FortiGate to a FortiManager for central management? (Choose three.)
- A . Wait for the rating databases to download on FortiManager.
- B . In the FortiManager, add the unregistered FortiGate.
- C . Import the policy package from the managed FortiGate.
- D . Start the rating services on FortiManager.
- E . Add the FortiManager IP address to the FortiGate’s central management configuration.
Examine the output of the ‘diagnose debug rating’ command shown in the exhibit; then answer the question below.
Which statement are true regarding the output in the exhibit? (Choose two.)
- A . The TZ value represents the delta between each FortiGuard server’s time zone and the FortiGate’s time zone.
- B . FortiGate will send the FortiGuard queries to the server with highest weight.
- C . There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
- D . A server’s round trip delay (RTT) is not used to calculate its weight.
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.
Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?
- A . The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.
- B . The TCP session for the BGP connection to 10.200.3.1 is down.
- C . The local peer has received the BGP prefixed from the remote peer.
- D . The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.
View the exhibit, which contains the output of a real-time debug, and then answer the question below.
Which of the following statements is true regarding this output? (Choose two.)
- A . This web request was inspected using the root web filter profile.
- B . FortiGate found the requested URL in its local cache.
- C . The requested URL belongs to category ID 52.
- D . The web request was allowed by FortiGate
View the following FortiGate configuration.
All traffic to the Internet currently egresses from port1.
The exhibit shows partial session information for Internet traffic from a user on the internal network:
If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?
- A . The session would remain the session table, and its traffic would still egress from port 1.
- B . The session would remain the session table, but its traffic would now egress from both port 1and port2
- C . The session would remain the session table, and its traffic would start to egress from port2.
- D . The session would be deleted, so the client would need to start a new session.
Refer to the exhibit, which contains the output of the diagnose vpn tunnel list.
Which command will capture ESP traffic for the VPN named DialUp_0?
- A . diagnose sniffer packet any ‘port 4500’
- B . diagnose sniffer packet any ‘esp and host 10.200.3.2’
- C . diagnose sniffer packet any ‘host 10.0.10.10’
- D . diagnose sniffer packet any ‘ip proto 50’
Examine the following partial output from a sniffer command; then answer the question below.
What is the meaning of the packets dropped counter at the end of the sniffer?
- A . Number of packets that didn’t match the sniffer filter.
- B . Number of total packets dropped by the FortiGate.
- C . Number of packets that matched the sniffer filter and were dropped by the FortiGate.
- D . Number of packets that matched the sniffer filter but could not be captured by the sniffer.
Which of the following statements are correct regarding application layer test commands? (Choose two.)
- A . They are used to filter real-time debugs.
- B . They display real-time application debugs.
- C . Some of them display statistics and configuration information about a feature or process.
- D . Some of them can be used to restart an application.
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
- A . BGP state of the peer 10.125.0.60 is Established.
- B . BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
- C . Local BGP peer has not received an OpenConfirm from 10.200.3.1.
- D . The local BGP peer has received a total of 3 BGP prefixes.
Which two statements about an auxiliary session are true? (Choose two.)
- A . With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
- B . With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same auxiliary session.
- C . With the auxiliary session disabled, only auxiliary sessions will be offloaded.
- D . With the auxiliary session setting enabled, two sessions will be created in case of routing change.
What is an OSPF area border router?
- A . A router with interfaces in multiple OSPF areas.
- B . A router with all its interfaces in the backbone area.
- C . A router that is redistributing connected subnets into the OSPF network.
- D . A router that is redistributing non-OSPF routes into the OSPF network.
What is the diagnose test application ipsmenitor 5 command used for?
- A . To enable IPS bypass mode
- B . To disable the IPS engine
- C . To restart all IPS engines and monitors
- D . To provide information regarding IPS sessions
Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.
Which statements are true regarding the above output? (Choose two.)
- A . The port4 interface is connected to the OSPF backbone area.
- B . The local FortiGate has been elected as the OSPF backup designated router.
- C . There are at least 5 OSPF routers connected to the port4 network.
- D . Two OSPF routers are down in the port4 network.
A corporate network allows internet Access to FSSO users only. The FSSO user student does not have internet access after successfully logged into the Windows AD network.
The output of the ‘diagnose debug authd fsso list’ command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems.
What should the administrator check? (Choose two.)
- A . The user student must not be listed in the CA’s ignore user list.
- B . The user student must belong to one or more of the monitored user groups.
- C . The student workstation’s IP subnet must be listed in the CA’s trusted list.
- D . At least one of the student’s user groups must be allowed by a FortiGate firewall policy.
What action does FortiSwitch take when it receives a loop guard data packet (LGDP) that was sent by itself?
- A . The receiving port is shut down
- B . The sending port is shut down
- C . The receiving port is moved to the STP blocking state
- D . The sending port is moved to the STP blocking state
An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.
What can the administrator do to fix this problem?
- A . Configure remote link monitoring to detect an issue in the forwarding path.
- B . Configure set send-garp-on-failover enable under config system ha on both cluster members.
- C . Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports.
- D . Configure set link-failed-signal enable under config system ha on both cluster members.
View the exhibit, which of the contains the partial output of an IKE real-time debug, then answer the question below.
Which of the following statements about this debug output are true? (Choose two.)
- A . The name of the tunnel being negotiated is VPN.
- B . Both phases 1 and 2 are up.
- C . Both gateways are using aggressive mode.
- D . Phase 1 is using a pre-shared key for authentication.
Which two statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)
- A . When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.
- B . When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate
- C . When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
- D . When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
View the exhibit, which contains the output of get sys ha status, and then answer the question below.
Which statements are correct regarding the output? (Choose two.)
- A . The slave configuration is not synchronized with the master.
- B . The HA management IP is 169.254.0.2.
- C . Master is selected because it is the only device in the cluster.
- D . port 7 is used the HA heartbeat on all devices in the cluster.
A FortiGate device has the following LDAP configuration:
The administrator executed the ‘dsquery’ command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
"CN-Administrator, CN-Users, DC=trainingAD, DC-training, DC-lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?
- A . cnid.
- B . username.
- C . password.
- D . dn.
View the exhibit, which contains a session entry, and then answer the question below.
Which statement is correct regarding this session?
- A . This traffic is using the VIP and central NAT tables.
- B . This session was successfully authenticated.
- C . Further packets for this session will be blocked.
- D . This session is offloaded to the NPU.
Which two statements about the use of digital certificates are true?
- A . An intermediate CA can sign server certificates
- B . An intermediate CA can sign another intermediate CA certificate
- C . The end entity’s certificate can only be created by an intermediate C
- D . An intermediate CA can validate the end entity certificate signed by another intermediate CA
An administrator has configured a FortiGate device with two VDOMs: root and internal.
The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link.
What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)
- A . Router ID.
- B . OSPF interface area.
- C . OSPF interface cost.
- D . OSPF interface MTU.
- E . Interface subnet mask.
Which statement is true regarding File description (FD) conserve mode?
- A . IPS inspection is affected when FortiGate enters FD conserve mode.
- B . A FortiGate enters FD conserve mode when the amount of available description is less than 5%.
- C . FD conserve mode affects all daemons running on the device.
- D . Restarting the WAD process is required to leave FD conserve mode.
View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below.
The administrator does not have access to the remote gateway.
Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?
- A . Change phase 1 encryption to AESCBC and authentication to SHA128.
- B . Change phase 1 encryption to 3DES and authentication to CBC.
- C . Change phase 1 encryption to AES128 and authentication to SHA512.
- D . Change phase 1 encryption to 3DES and authentication to SHA256.
View the following exhibit, which contains the sniffer output for a passive mode FTP request.
An administrator has created the following custom IPS signature to block all FTP requests for passive mode: F-SBID (–attack_id 1002; –name "Block.FTP "; –protocol tcp; –flow from_client; –pattern "PASV"; –no_case;) Soon after the signature is enabled in an active IPS sensor, some false positive detections are generated.
Which option and value pair will allow more specific detection?
- A . –protocol ftp
- B . –service ftp
- C . –name "Block.FTP.PASV"
- D . –attack_id 1001
Examine these partial outputs from two routing debug commands:
# get router info routing-table database
S 0.0.0.0/0 [20/0] via 100.64.2.254, port2, [10/0]
S *> 0.0.0.0/0 [10/0] via 100.64.1.254, port1
# get router info routing-table all
S* 0.0.0.0/0 [10/0] via 100.64.1.254, port1
Why is the default route that uses port2 not in the output of the second command?
- A . It has a higher distance than the default route using port1.
- B . There can be only one default route present in an active routing table.
- C . It has a higher priority than the default route using port1.
- D . It is disabled in the FortiGate configuration.
View the exhibit, which contains the output of a debug command, and then answer the question below.
Which one of the following statements about this FortiGate is correct?
- A . It is currently in system conserve mode because of high CPU usage.
- B . It is currently in proxy conserve mode because of high memory usage.
- C . It is currently in memory conserve mode because of high memory usage.
- D . It is currently in extreme conserve mode because of high memory usage.
View the following exhibit:
What two statements about this session are correct? (Choose two.)
- A . It is a UDP session that has seen traffic flow both ways.
- B . This is a TCP session that was blocked by firewall policy ID 0.
- C . This session terminates or originates in the FortiGate device.
- D . It is a TCP session in SYN_SENT state.
An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?
- A . diagnose sniffer packet any ‘ah’
- B . diagnose sniffer packet any ‘ip proto 50’
- C . diagnose sniffer packet any ‘udp port 4500’
- D . diagnose sniffer packet any ‘udp port 500’
Refer to the exhibit, which contains the output of a diagnose command.
Which two statements about the output are true? (Choose two.)
- A . This is an expected session created by a session helper
- B . This is an expected session created by an application control profile.
- C . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.0.1.10.
- D . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.200.1.1.