- All Exams Instant Download
If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?
If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?A . The Services field prevents SNAT and DNAT from being combined in the same policy.B . The Services field is used when you need to bundle several VIPs into VIP...
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)A . The firmware image must be manually uploaded to each FortiGate.B . Only secondary FortiGate devices are rebooted.C . Uninterruptable upgrade is enabled by default.D . Traffic load balancing is temporally disabled while upgrading...
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)A . DNSB . pingC . udp-echoD . TWAMPView AnswerAnswer: C,D
Which two other security profiles can you apply to the security policy?
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)A . Antivirus scanningB . File filterC . DNS filterD . Intrusion preventionView AnswerAnswer: A,D
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)A . For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and passwordB . FortiGate supports pre-shared key and signature as authentication methods.C . Enabling XAuth results in...
Which two statements are true?
Refer to the exhibit. The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode. The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access internet. The To_lnternet VDOM is the only VDOM with internet access...
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?A . get system statusB . get system performance statusC . diagnose sys topD . get system arpView AnswerAnswer: D
Which additional best practice can an administrator implement?
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?A . Configure Source IP Pools.B . Configure split tunneling in tunnel mode.C . Configure different SSL VPN realms.D . Configure host check.View AnswerAnswer: D
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)A . Lookup is done on the first packet from the session originatorB . Lookup is done on the last packet sent from the responderC . Lookup is done on every packet,...
Based on the output shown in the exhibit, which two statements are correct?
Refer to the FortiGuard connection debug output. Based on the output shown in the exhibit, which two statements are correct? (Choose two.)A . A local FortiManager is one of the servers FortiGate communicates with.B . One server was contacted to retrieve the contract information.C . There is at least one...
