- All Exams Instant Download
Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?
Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?A . hold-down-timeB . link-down-failoverC . auto-discovery-shortcutsD . idle-timeoutView AnswerAnswer: A
Which two statements are correct about the IBGP configuration and routing information on the device?
Refer to the exhibit. The device exchanges routes using IBGP. Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two.)A . Each BGP route is three hops away from the destination.B . ibgp-multipath is disabled.C . additional-path is enabled.D . You can run...
Based on the exhibits, which configuration change is required to fix issue?
Refer to the exhibits. Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10. Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration. The administrator wants to steer corporate traffic using routes tags in the SD-WAN rule ID...
Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?
Refer to the exhibit. The exhibit shows the SD-WAN rule status and configuration. Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?A . When all three members have the same packet loss.B . When T_INET_0_0 has 4% packet loss.C . When...
What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)
What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)A . VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.B . FortiManager automatically installs IPsec tunnels to every spoke when they are added to...
Which two outcomes are expected if a user in Toronto sends traffic to London?
Refer to the exhibit. Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups. Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)A . London generates an IKE information...
Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20?
Refer to the exhibits. Exhibit A Exhibit B Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate. Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority...
Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)
Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)A . Encapsulating Security Payload (ESP)B . Secure Shell (SSH)C . Internet Key Exchange (IKE)D . Security Association (SA)View AnswerAnswer: A, C
Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true?
Refer to the exhibit. Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)A . FortiGate does not install IPsec static routes for remote protected networks in the routing table. Most VotedB . The phase 1 configuration supports the network-overlay...
Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?
Refer to the exhibits. Exhibit A - Exhibit B Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt. When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic...
