Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)
Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.) A. Proxy-based inspection B. Certificate inspection C. Flow-based inspection D. Full Content inspectionView AnswerAnswer: A,C Explanation: The two inspection modes that you can use to configure a firewall policy on...
Which policy will be highlighted, based on the input criteria?
Refer to the exhibits. The exhibits show the firewall policies and the objects used in the firewall policies. The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit. Which policy will be highlighted, based on the input criteria?A . Policy with ID...
What is the reason for the failed virus detection by FortiGate?
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded. What is the...
What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)
What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.) A. FortiGate uses fewer resources. B. FortiGate performs a more exhaustive inspection on traffic. C. FortiGate adds less latency to traffic. D. FortiGate allocates two sessions per connection.View AnswerAnswer: A,C Explanation: A. FortiGate uses fewer resources. C....
Which two statements are true about collector agent standard access mode? (Choose two.)
Which two statements are true about collector agent standard access mode? (Choose two.) A. Standard mode uses Windows convention-NetBios: DomainUsername. B. Standard mode security profiles apply to organizational units (OU). C. Standard mode security profiles apply to user groups. D. Standard access mode supports nested groups.View AnswerAnswer: A,C Explanation: A....
Which DPD mode on FortiGate will meet the above requirement?
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?A . DisabledB . On DemandC . EnabledD...
checks on this traffic?
View the exhibit. A user at 192.168.32.15 is trying to access the web server at 172.16.32.254. Which two statements best describe how the FortiGate will perform reverse path forwarding (RPF) checks on this traffic? (Choose two.)A . Strict RPF check will deny the traffic.B . Loose RPF check will allow...
Which three criteria can FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)
Which three criteria can FortiGate use to look for a matching firewall policy to process traffic? (Choose three.) A. Services defined in the firewall policy B. Highest to lowest priority defined in the firewall policy C. Destination defined as Internet Services in the firewall policy D. Lowest to highest policy...
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode? A. It limits the scanning of application traffic to the browser-based technology category only. B. It limits the scanning of application traffic to the DNS protocol only. C. It...
How does FortiGate act when using SSL VPN in web mode?
How does FortiGate act when using SSL VPN in web mode?A . FortiGate acts as an FDS server.B . FortiGate acts as an HTTP reverse proxy.C . FortiGate acts as DNS server.D . FortiGate acts as router.View AnswerAnswer: B Explanation: B. FortiGate acts as an HTTP reverse proxy. When using...