- All Exams Instant Download
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
Which two statements are true when FortiGate is in transparent mode? (Choose two.)A . By default, all interfaces are part of the same broadcast domain.B . The existing network IP schema must be changed when installing a transparent mode.C . Static routes are required to allow traffic to the next...
How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?
Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?A . It always authorizes the traffic without requiring authentication.B . It drops the traffic.C . It authenticates the traffic using the authentication scheme SCHEME2.D . It authenticates the traffic...
Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)
Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)A . Proxy-based inspectionB . Certificate inspectionC . Flow-based inspectionD . Full Content inspectionView AnswerAnswer: A,C
Based on the raw log, which two statements are correct?
Refer to the exhibit. Based on the raw log, which two statements are correct? (Choose two.)A . Traffic is blocked because Action is set to DENY in the firewall policy.B . Traffic belongs to the root VDOM.C . This is a security log.D . Log severity is set to error...
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?A . To remove the NAT operation.B . To generate logsC . To finish any inspection operations.D . To allow for out-of-order packets that could arrive after...
Which of the following statements are correct?
View the exhibit. Which of the following statements are correct? (Choose two.)A . This setup requires at least two firewall policies with the action set to IPsec.B . Dead peer detection must be disabled to support this type of IPsec setup.C . The TunnelB route is the primary route for...
Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?
Refer to the exhibit. Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?A . The signature setting uses a custom rating threshold.B . The signature setting includes a group of other signatures.C . Traffic matching the...
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)A . It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.B . ADVPN is only supported with IKEv2.C . Tunnels are negotiated dynamically between spokes.D . Every spoke requires a static tunnel...
What is the reason for the failed virus detection by FortiGate?
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded. What is the...
Which three statements are true regarding session-based authentication? (Choose three.)
Which three statements are true regarding session-based authentication? (Choose three.)A . HTTP sessions are treated as a single user.B . IP sessions from the same source IP address are treated as a single user.C . It can differentiate among multiple clients behind the same source IP address.D . It requires...
