Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)
Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)A . Include the group of guest users in a policy.B . Extend timeout timers.C . Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.D . Ensure all firewalls allow the FSSO required ports.View AnswerAnswer: AD
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)A . Traffic to botnet serversB . Traffic to inappropriate web sitesC . Server information disclosure attacksD . Credit card data leaksE . SQL injection attacksView AnswerAnswer: ACE
Which of the following are purposes of NAT traversal in IPsec? (Choose two.)
Which of the following are purposes of NAT traversal in IPsec? (Choose two.)A . To delete intermediary NAT devices in the tunnel path.B . To dynamically change phase 1 negotiation mode aggressive mode.C . To encapsulation ESP packets in UDP packets using port 4500.D . To force a new DH...
Which statement about DLP on FortiGate is true?
Which statement about DLP on FortiGate is true?A . It can archive files and messages.B . It can be applied to a firewall policy in a flow-based VDOMC . Traffic shaping can be applied to DLP sensors.D . Files can be sent to FortiSandbox for detecting DLP threats.View AnswerAnswer: A
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?A . To remove the NAT operation.B . To generate logsC . To finish any inspection operations.D . To allow for out-of-order packets that could arrive after...
Which of the following FortiGate configuration tasks will create a route in the policy route table? (Choose two.)
Which of the following FortiGate configuration tasks will create a route in the policy route table? (Choose two.)A . Static route created with a Named Address objectB . Static route created with an Internet Services objectC . SD-WAN route created for individual member interfacesD . SD-WAN rule created to route...
Which of the following static routes will satisfy this requirement on FGT1?
Examine the network diagram shown in the exhibit, and then answer the following question: A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ensure both port1 and port3 links are used at the same time for all traffic destined for 172.20.2.0/24. Which of the following static...
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?A . By default, FortiGate uses WINS servers to resolve names.B . By default, the SSL VPN portal requires the installation of a client’s certificate.C . By default, split tunneling is enabled.D . By default,...
When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below. When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?A . SMTB . Login.Brute.ForceC . IMAD . Login.brute.ForceE . ip_src_sessionF . Location: server Protocol: SMTPView AnswerAnswer: B
Which of the following SD-WAN load Cbalancing method use interface weight value to distribute traffic? (Choose two.)
Which of the following SD-WAN load Cbalancing method use interface weight value to distribute traffic? (Choose two.)A . Source IPB . SpilloverC . VolumeD . SessionView AnswerAnswer: CD