Why did the FortiGate drop the packet?
Examine this output from a debug flow: Why did the FortiGate drop the packet?A . The next-hop IP address is unreachable.B . It failed the RPF check.C . It matched an explicitly configured firewall policy with the action DENE . It matched the default implicit firewall policy.View AnswerAnswer: D
Why is the site www.bing.com being blocked?
Examine the exhibit, which shows the output of a web filtering real time debug. Why is the site www.bing.com being blocked?A . The web site www.bing.com is categorized by FortiGuard as Malicious Websites.B . The user has not authenticated with the FortiGate yet.C . The web server IP address 204.79.197.200...
Which statements about DNS filter profiles are true? (Choose two.)
Which statements about DNS filter profiles are true? (Choose two.)A . They can inspect HTTP traffic.B . They can redirect blocked requests to a specific portal.C . They can block DNS requests to known botnet command and control servers.D . They must be applied in firewall policies with SSL inspection...
What is the cause of the problem?
An administrator has configured two VLAN interfaces: A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?A . Both interfaces must...
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?
Examine the exhibit, which contains a virtual IP and firewall policy configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24. The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a...
Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)
Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)A . If the DHCP method fails, browsers will try the DNS method.B . The browser needs to be preconfigured with the DHCP server’s IP address.C . The browser sends a DHCPONFORM request to...
Which topology should be used to satisfy all of the requirements?
You have tasked to design a new IPsec deployment with the following criteria: Which topology should be used to satisfy all of the requirements?A . Partial meshB . Hub-and-spokeC . Fully meshedD . RedundantView AnswerAnswer: B
What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)
What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)A . Enable Event Logging.B . Enable a web filter security profile on the Full Access firewall policy.C . Enable Log Allowed Traffic on the Full Access firewall...
Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)
Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)A . The root VDOM is the management VDOM by default.B . A FortiGate device has 64 VDOMs, created by default.C . Each VDOM maintains its own system time.D . Each VDOM maintains its own routing table.View AnswerAnswer:...
Which statements about the output are correct?
Examine this output from a debug flow: Which statements about the output are correct? (Choose two.)A . FortiGate received a TCP SYN/ACK packet.B . The source IP address of the packet was translated to 10.0.1.10.C . FortiGate routed the packet through port 3.D . The packet was allowed by the...