An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?

An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?A . A phase 2 configuration is not required.B . This VPN cannot be used as part of a hub and spoke topology.C . The IPsec firewall policies must be placed...

October 5, 2018 No Comments READ MORE +

What step is required to configure an SSL VPN to access to an internal server using port forward mode?

What step is required to configure an SSL VPN to access to an internal server using port forward mode?A . Configure the virtual IP addresses to be assigned to the SSL VPN users.B . Install FortiClient SSL VPN clientC . Create a SSL VPN realm reserved for clients using port...

October 4, 2018 No Comments READ MORE +

What statement describes what DNS64 does?

What statement describes what DNS64 does?A . Converts DNS A record lookups to AAAA record lookups.B . Translates the destination IPv6 address of the DNS traffic to an IPv4 address.C . Synthesizes DNS AAAA records from A records.D . Translates the destination IPv4 address of the DNS traffic to an...

October 4, 2018 No Comments READ MORE +

Which statements correctly describe transparent mode operation? (Choose three.)

Which statements correctly describe transparent mode operation? (Choose three.)A . All interfaces of the transparent mode FortiGate device must be on different IP subnets.B . The transparent FortiGate is visible to network hosts in an IP traceroute.C . It permits inline traffic inspection and firewalling without changing the IP scheme...

September 26, 2018 No Comments READ MORE +

Which topology should be used to satisfy all of the requirements?

You are tasked to architect a new IPsec deployment with the following criteria: - There are two HQ sites that all satellite offices must connect to. - The satellite offices do not need to communicate directly with other satellite offices. - No dynamic routing will be used. - The design...

September 18, 2018 No Comments READ MORE +

Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?

Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?A . The FortiGate is able to handle NATed connections only with aggressive mode.B . FortiClient supports aggressive mode.C . The remote peers are able to provide their peer IDs in the first message with...

September 16, 2018 No Comments READ MORE +

Which of the following statements are correct?

Examine the routing database. Which of the following statements are correct? (Choose two.)A . The port3 default route has the lowest metric, making it the best route.B . There will be eight routes active in the routing table.C . The port3 default has a higher distance than the port1 and...

September 11, 2018 No Comments READ MORE +

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?A . The FortiGate unit’s public IP addressB . The FortiGate unit’s internal IP addressC . The remote user’s virtual IP addressD . The remote user’s...

September 6, 2018 No Comments READ MORE +

What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)

What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)A . Code blocksB . SMS phone messageC . FortiTokenD . Browser pop-up windowE . EmailView AnswerAnswer: B,C,E

August 31, 2018 No Comments READ MORE +

Assuming telnet service is enabled for port1, which of the following statements correctly describes why FGT1 is not responding?

View the exhibit. This is a sniffer output of a telnet connection request from 172.20.120.186 to the port1 interface of FGT1. In this scenario. FGT1 has the following routing table: Assuming telnet service is enabled for port1, which of the following statements correctly describes why FGT1 is not responding?A ....

August 22, 2018 No Comments READ MORE +