FCSS_EFW_AD-7.4 exam

Examine these partial outputs from two routing debug commands: # get router info routing-table database S       0.0.0.0/0 [20/0] via 100.64.2.254, port2, [10/0] S    *> 0.0.0.0/0 [10/0] via 100.64.1.254, port1 # get router info routing-table all S*      0.0.0.0/0 [10/0] via 100.64.1.254, port1 Why is the default route that uses port2 not...

Examine the following routing table and BGP configuration; then answer the question below. The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?A . Enable the redistribution of connected routers into BGP.B . Enable...

Examine the following traffic log; then answer the question below. date-20xx-02-01 time=19:52:01 devname=masterdevice_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted." What does the log mean?A . There is not enough available memory in the system to create a new entry in the NAT port table.B...

Refer to the exhibit, which contains a partial routing table. Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)A . Source IP address 10.1.0.24, Destination IP address 10.72.3.20.B . Source IP address 10.72.3.52, Destination IP address 10.1.0.254.C . Source IP address 10.72.3.27, Destination...

View the exhibit, which contains the partial output of a diagnose command, and then answer the question below. Based on the output, which of the following statements is correct?A . Anti-replay is enabled.B . DPD is disabled.C . Quick mode selectors are disabled.D . Remote gateway IP is 10.200.5.1.View AnswerAnswer:...

Refer to the exhibit, which contains the output of the diagnose vpn tunnel list. Which command will capture ESP traffic for the VPN named DialUp_0?A . diagnose sniffer packet any 'port 4500'B . diagnose sniffer packet any 'esp and host 10.200.3.2'C . diagnose sniffer packet any 'host 10.0.10.10'D . diagnose...

View the exhibit, which contains the output of a real-time debug, and then answer the question below. Which of the following statements is true regarding this output? (Choose two.)A . This web request was inspected using the root web filter profile.B . FortiGate found the requested URL in its local...

When investigating FortiGuard connectivity issues, which of the following is a valid troubleshooting step?A . Verify management VDOM's internet access.B . Verify DNS requests are being proxied if auto-update tunneling is enabled.C . Use the FortiGuard real-time debug command to verify rating requests.D . Configure a virtual IP to forward...

Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below. Why didn’t the tunnel come up?A . IKE mode configuration is not enabled in the remote IPsec gateway.B . The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2...

When investigating FortiGuard connectivity issues, which action is a valid troubleshooting step?A . Configure a virtual IP to forward port 443 to the FortiGate external IP.B . Verify management VDOM internet access.C . Use the FortiGuard real-time debug command to verify rating requests.D . Verify that DNS requests are being...