- All Exams Instant Download
Which two statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
Which two statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)A . The firmware image must be uploaded manually to each FortiGate.B . Uninterruptable upgrade is enabled by default.C . Traffic load balancing is temporarily disabled while the firmware is upgraded.D . Only secondary...
Which two statements about antivirus scanning mode are true? (Choose two.)
Which two statements about antivirus scanning mode are true? (Choose two.)A . In proxy-based inspection mode, antivirus buffers the whole file for scanning, before sending it to the client.B . In full scan flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.C . In...
The FSSO Collector Agent set to advanced access mode for the Windows Active Directory uses which of the following?
The FSSO Collector Agent set to advanced access mode for the Windows Active Directory uses which of the following?A . LDAP conventionB . NTLM conventionC . Windows convention - NetBiosUsernameD . RSSO conventionView AnswerAnswer: A
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?A . remote user's public IPaddressB . The public IP address of the FortiGate device.C . The remote user's virtual lP address.D . The internal IP...
An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices which configuration steps must be performed on both devices to support this scenario? (Choose three)
An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices which configuration steps must be performed on both devices to support this scenario? (Choose three)A . Define the phase 1 parameters, without enabling IPsec interface modeB . Define the phase 2 parametersC . Set the phase...
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?A . It must be configured in a static route using the sdwan virtual interface.B . It must be provided in the SD-WAN member interface configuration.C . It must...
NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?
NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?A . Web filteringB . AntivirusC . Web proxyD . Application controlView AnswerAnswer: C
Which of the following statements are correct?
View the exhibit. Which of the following statements are correct? (Choose two.)A . This setup requires at least two firewall policies with the action set to lPsec.B . Dead peer detection must be disabled to support this type of IPsec setup.C . The Tunnel route is the primary route for...
What is a possible reason for this?
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below. An administrator has configured the WinDOS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating...
On a FortiGate with a hard disk, how frequently can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)
On a FortiGate with a hard disk, how frequently can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)A . On-demandB . HourlyC . Every 5 minutesD . In real timeView AnswerAnswer: CD
