- All Exams Instant Download
Which statement about the policy ID number of a firewall policy is true?
Which statement about the policy ID number of a firewall policy is true?A . It is required to modify a firewall policy using the CLC . It represents the number of objects used in the firewall policy.D . It changes when firewall policies are reordered.E . It defines the order...
Which three pieces of Information will be Included in me sniffer output?
An administrator is running the following sniffer command: diagnose aniffer packer any "host 192.168.2.12" 5 Which three pieces of Information will be Included in me sniffer output? {Choose three.)A . Interface nameB . Packet payloadC . Ethernet headerD . IP headerE . Application headerView AnswerAnswer: B,C,E
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)A . SSHB . HTTPSC . FTMD . FortiTelemetryView AnswerAnswer: A,B Explanation: Reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/995103/buildingsecurity-into-fortios
Which three statements about a flow-based antivirus profile are correct? (Choose three.)
Which three statements about a flow-based antivirus profile are correct? (Choose three.)A . IPS engine handles the process as a standalone.B . FortiGate buffers the whole file but transmits to the client simultaneously.C . If the virus is detected, the last packet is delivered to the client.D . Optimized performance...
Which of the following statements about central NAT are true? (Choose two.)
Which of the following statements about central NAT are true? (Choose two.)A . IP tool references must be removed from existing firewall policies before enabling central NAC . Central NAT can be enabled or disabled from the CLI only.D . Source NAT, using central NAT, requires at least one central...
Which two types of traffic are managed only by the management VDOM? (Choose two.)
Which two types of traffic are managed only by the management VDOM? (Choose two.)A . FortiGuard web filter queriesB . PKIC . Traffic shapingD . DNSView AnswerAnswer: A,C
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?A . get system statusB . get system performance statusC . diagnose sys topD . get system arpView AnswerAnswer: C
Why did the FortiGate drop the packet?
Examine this output from a debug flow: Why did the FortiGate drop the packet?A . The next-hop IP address is unreachable.B . It failed the RPF check.C . It matched an explicitly configured firewall policy with the action DENE . It matched the default implicit firewall policy.View AnswerAnswer: D Explanation:...
Which statement regarding the firewall policy authentication timeout is true?
Which statement regarding the firewall policy authentication timeout is true?A . It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IC . It is a hard timeout. The FortiGate removes the temporary policy for...
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)A . The firmware image must be manually uploaded to each FortiGate.B . Only secondary FortiGate devices are rebooted.C . Uninterruptable upgrade is enabled by default.D . Traffic load balancing is temporally disabled while upgrading...
