You have enabled a web filter security profile in a firewall policy to log all blocked websites. What options do you have to either actively or passively monitor these logs?
You have enabled a web filter security profile in a firewall policy to log all blocked websites. What options do you have to either actively or passively monitor these logs? (Choose two.) Response:A . Alert Message consoleB . FortiView menuC . Alert emailD . Monitor menuView AnswerAnswer: AC
If antivirus, grayware, and heuristic scans are enabled on FortiGate, in which order does FortiGate apply the scanning?
If antivirus, grayware, and heuristic scans are enabled on FortiGate, in which order does FortiGate apply the scanning? Response:A . heuristics -> grayware -> antivirusB . antivirus -> grayware -> heuristicsC . antivirus -> heuristics -> graywareD . grayware -> antivirus -> heuristicsView AnswerAnswer: B
Which of the following settings and protocols can be used to provide secure and restrictive administrative access to FortiGate?
Which of the following settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.) Response:A . Trusted hostB . HTTPSC . Trusted authenticationD . SSHE . FortiTelemetryView AnswerAnswer: ABD
How does FortiGate select the central SNAT policy that is applied to a TCP session?
How does FortiGate select the central SNAT policy that is applied to a TCP session? Response:A . It selects the SNAT policy specified in the configuration of the outgoing interface.B . It selects the first matching central-SNAT policy from top to bottom.C . It selects the central-SNAT policy with the...
What methods can you use to back up logs?
What methods can you use to back up logs? (Choose three.) Response:A . SNMPB . USBC . SFTPD . TFTPE . FTPView AnswerAnswer: BDE
Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?
Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels? Response:A . The FortiGate is able to handle NATed connections only with aggressive mode.B . FortiClient supports aggressive mode.C . The remote peers are able to provide their peer IDs in the first message...
Which statements are true of public key infrastracture (PKI) users on FortiGate?
Which statements are true of public key infrastracture (PKI) users on FortiGate? (Choose two.) Response:A . FortiGate must include the CA certificate that issued the PKI peer user certificate.B . PKI users can belong to firewall user groups.C . PKI users must authenticate with both a certificate and a password.D...
Which statements about the output are true?
Examine this output from the diagnose sys top command: Which statements about the output are true? (Choose two.) Response:A . sshd is the process consuming most memoryB . sshd is the process consuming most CPUC . All the processes listed are in sleeping stateD . The sshd process is using...
Which of the following statements about advanced AD access mode for the FSSO collector agent are true?
Which of the following statements about advanced AD access mode for the FSSO collector agent are true? (Choose two.) Response:A . FortiGate can act as an LDAP client to configure the group filters.B . It is only supported if DC agents are deployed.C . It supports monitoring of nested groups.D...
When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?
View the exhibit. When a user attempts to connect to an HTTPS site, what is the expected result with this configuration? Response:A . The user is required to authenticate before accessing sites with untrusted SSL certificates.B . The user is presented with certificate warnings when connecting to sites that have...