Which of the following are differences between IPsec main mode and IPsec aggressive mode?

Which of the following are differences between IPsec main mode and IPsec aggressive mode? (Choose two.) Response:A . Aggressive mode supports XAuth, while main mode does not.B . Six packets are usually exchanged during main mode, while only three packets are exchanged during aggressive mode.C . The first packet of...

December 9, 2018 No Comments READ MORE +

How do you configure inline SSL inspection on a firewall policy?

How do you configure inline SSL inspection on a firewall policy? (Choose two.) Response:A . Enable one or more flow-based security profiles on the firewall policy.B . Enable the SSL/SSH Inspection profile on the firewall policy.C . Execute the inline ssl inspection CLI command.D . Enable one or more proxy-based...

December 8, 2018 No Comments READ MORE +

Examine the log message attributes. Which statements are correct?

Examine the log message attributes. Which statements are correct? (Choose two.) hostname=www.youtube.com profiletype="Webfilter_Profile" profile="default" status="passthrough" msg="URL belongs to a category with warnings enabled" Response:A . The website was allowed on the first attemptB . The user failed authenticationC . The category action was set to warning.D . The user was...

December 8, 2018 No Comments READ MORE +

Which statements about an IPv6-over-IPv4 IPsec configuration are correct?

Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.) Response:A . The remote gateway IP must be an IPv6 address.B . The source quick mode selector must be an IPv4 address.C . The local gateway IP must an IPv4 address.D . The destination quick mode selector must be...

November 30, 2018 No Comments READ MORE +

Which of the following statements about the FortiGate application control database are true?

Which of the following statements about the FortiGate application control database are true? (Choose two.) Response:A . The application control database uses TCP port 53 for downloads.B . The application control database uses a hierarchical structure to organize application signatures.C . The application control database is part of the IPS...

November 25, 2018 No Comments READ MORE +

Which statement is true about split tunneling in SSL VPN?

Which statement is true about split tunneling in SSL VPN? Response:A . It is supported in web-only mode.B . It can be enabled by the SSL VPN user, after connecting to the SSL VPD . If enabled, Internet traffic uses the local gateway of the connecting host.E . If disabled,...

November 22, 2018 1 Comment READ MORE +

Which statements about the output are correct?

Examine this output from a debug flow: Which statements about the output are correct? (Choose two.) Response:A . FortiGate received a TCP SYN/ACK packet.B . The source IP address of the packet was translated to 10.0.1.10.C . FortiGate routed the packet through port 3.D . The packet was allowed by...

November 16, 2018 No Comments READ MORE +

What statements about the configuration are correct?

A FortiGate interface is configured with the following commands: What statements about the configuration are correct? (Choose two.) Response:A . IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.B . FortiGate can provide DNS settings to IPv6 clients.C . FortiGate can send IPv6 router advertisements (RAs.)D...

November 10, 2018 No Comments READ MORE +

An administrator wants to monitor their network for any probing attempts aimed to exploit existing vulnerabilities in their servers. What must they configure on their FortiGate to accomplish this?

An administrator wants to monitor their network for any probing attempts aimed to exploit existing vulnerabilities in their servers. What must they configure on their FortiGate to accomplish this? (Choose two.) Response:A . An application control profile and set all application signatures to monitor.B . A DoS policy, and log...

November 5, 2018 No Comments READ MORE +

What FortiGate feature can be used to block a ping sweep scan from an attacker?

What FortiGate feature can be used to block a ping sweep scan from an attacker? Response:A . Web application firewall (WAF)B . Rate based IPS signaturesC . One-arm snifferD . DoS policiesView AnswerAnswer: B

October 30, 2018 No Comments READ MORE +