When Role is set to Undefined, which statement is true?

View the exhibit. When Role is set to Undefined, which statement is true?A . The GUI provides all the configuration options available for the port1 interface.B . You cannot configure a static IP address for the port1 interface because it allows only DHCP addressing mode.C . Firewall policies can be...

May 24, 2018 No Comments READ MORE +

Which statements about high availability (HA) for FortiGates are true? (Choose two.)

Which statements about high availability (HA) for FortiGates are true? (Choose two.)A . Virtual clustering can be configured between two FortiGate devices with multiple VDOC . Heartbeat interfaces are not required on the primary device.D . HA management interface settings are synchronized between cluster members.E . Sessions handled by UTM...

May 17, 2018 No Comments READ MORE +

What FortiGate feature can be used to allow IPv6 clients to connect to IPv4 servers?

What FortiGate feature can be used to allow IPv6 clients to connect to IPv4 servers?A . IPv6-over-IPv4 IPsecB . NAT64C . IPv4-over-IPv6 IPsecD . NAT66View AnswerAnswer: A

May 8, 2018 No Comments READ MORE +

Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)

Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)A . It is only supported if DC agents are deployed.B . FortiGate can act as an LDAP client configure the group filters.C . It supports monitoring of nested groups.D . It uses...

May 7, 2018 No Comments READ MORE +

What does the command diagnose debuf fsso-polling refresh-user do?

What does the command diagnose debuf fsso-polling refresh-user do?A . It refreshes user group information form any servers connected to the FortiGate using a collector agent.B . It refreshes all users learned through agentless polling.C . It displays status information and some statistics related with the polls done by FortiGate...

May 6, 2018 No Comments READ MORE +

An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?

An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?A . In an IPS sensorB . In an interface.C . In a DoS policy.D . In an application control profile.View AnswerAnswer: A

April 29, 2018 No Comments READ MORE +

The administrator needs to confirm that FortiGate 2 is properly routing that traffic to the 10.0.1.0/24 subnet. The administrator needs to confirm it by sending ICMP pings to FortiGate 2 from the CLI of FortiGate 1. What ping option needs to be enabled before running the ping?

View the Exhibit. The administrator needs to confirm that FortiGate 2 is properly routing that traffic to the 10.0.1.0/24 subnet. The administrator needs to confirm it by sending ICMP pings to FortiGate 2 from the CLI of FortiGate 1. What ping option needs to be enabled before running the ping?A...

April 25, 2018 No Comments READ MORE +

What IP address must be configured in the workstation as the default gateway?

A client workstation is connected to FortiGate port2. The Fortigate port1 is connected to an ISP router. Port2 and port3 are both configured as a software switch. What IP address must be configured in the workstation as the default gateway?A . The port2’s IP address.B . The router’s IP address.C...

April 13, 2018 No Comments READ MORE +

Which statements about One-to-One IP pool are true? (Choose two.)

Which statements about One-to-One IP pool are true? (Choose two.)A . It allows configuration of ARP replies.B . It allows fixed mapping of an internal address range to an external address range.C . It is used for destination NAE . It does not use port address translation.View AnswerAnswer: B,D

April 12, 2018 No Comments READ MORE +

What are the purposes of NAT traversal in IPsec? (Choose two.)

What are the purposes of NAT traversal in IPsec? (Choose two.)A . To detect intermediary NAT devices in the tunnel path.B . To encapsulate ESP packets in UDP packets using port 4500.C . To force a new DH exchange with each phase 2 re-keyD . To dynamically change phase 1...

April 8, 2018 No Comments READ MORE +