- All Exams Instant Download
Which security profile’s configuration does not change when you enable policy-based inspection?
NGFW mode allows policy-based configuration for most inspection rules. Which security profile’s configuration does not change when you enable policy-based inspection?A . Web filteringB . AntivirusC . Web proxyD . Application controlView AnswerAnswer: B
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2...
How must the administrator configure the local quick mode selector for site B?
An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local...
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?A . By default, FortiGate uses WINS servers to resolve names.B . By default, the SSL VPN portal requires the installation of a client’s certificate.C . By default, split tunneling is enabled.D . By default,...
Based on the raw logs shown in the exhibit, which statement is correct?
Refer to the web filter raw logs. Based on the raw logs shown in the exhibit, which statement is correct?A . Social networking web filter category is configured with the action set to authenticate.B . The action on firewall policy ID 1 is set to warning.C . Access to the...
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate?
Consider the topology: Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server. An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator...
When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?
When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?A . Log IDB . Universally Unique IdentifierC . Policy IDD . Sequence IDView AnswerAnswer: B Explanation:...
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)A . DNSB . pingC . udp-echoD . TWAMPView AnswerAnswer: C,D
Which scanning technique on FortiGate can be enabled only on the CLI?
Which scanning technique on FortiGate can be enabled only on the CLI?A . Heuristics scanB . Trojan scanC . Antivirus scanD . Ransomware scanView AnswerAnswer: A Explanation: Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/567568/enabling-scanning
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)A . The subject field in the server certificateB . The serial number in the server certificateC . The server name indication (SNI) extension in the client...
