- All Exams Instant Download
Which two statements about antivirus scanning in a firewall policy set to proxy-based inspection mode, are true? (Choose two.)
Which two statements about antivirus scanning in a firewall policy set to proxy-based inspection mode, are true? (Choose two.)A . A file does not need to be buffered completely before it is moved to the antivirus engine for scanning.B . The client must wait for the antivirus scan to finish...
Which NAT method translates the source IP address in a packet to another IP address?
Which NAT method translates the source IP address in a packet to another IP address?A . DNATB . SNATC . VIPD . IPPOOLView AnswerAnswer: B Explanation: The correct answer is: B. SNAT SNAT (Source Network Address Translation), also known as MASQUERADE in iptables, translates the source IP address in a...
If traffic matches this IPS sensor, which two actions is the sensor expected to take?
Refer to the exhibit. The exhibit shows the IPS sensor configuration. If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.) A. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature. B. The sensor will block all attacks aimed at Windows servers. C....
Based on the system performance output, which two results are correct?
Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two results are correct? (Choose two.)A . FortiGate will start sending all files to FortiSandbox for inspection.B ....
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2...
Which type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service. Which type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to...
How does strict RPF check work?
An administrator has configured a strict RPF check on FortiGate. How does strict RPF check work?A . Strict RPF allows packets back to sources with all active routes.B . Strict RPF checks the best route back to the source using the incoming interface.C . Strict RPF checks only for the...
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?A . Antivirus engineB . Intrusion prevention system engineC . Flow engineD . Detection engineView AnswerAnswer: B Explanation: B. Intrusion prevention system engine. The Intrusion Prevention System (IPS) engine on FortiGate handles application control traffic, along with other functions...
Which statement about the policy ID number of a firewall policy is true?
Which statement about the policy ID number of a firewall policy is true? A. It is required to modify a firewall policy using the CLI. B. It represents the number of objects used in the firewall policy. C. It changes when firewall policies are reordered. D. It defines the order...
Which two statements about advanced AD access mode for the FSSO collector, agent are true? (Choose two.)
Which two statements about advanced AD access mode for the FSSO collector, agent are true? (Choose two.) A. FortiGate can act as an LDAP client to configure the group filters. B. It uses the Windows convention for naming; that is, DomainUsername. C. It supports monitoring of nested groups. D. It...
