Which additional best practice can an administrator implement?
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?A . Configure Source IP Pools.B . Configure split tunneling in tunnel mode.C . Configure different SSL VPN realms.D . Configure host check.View AnswerAnswer: D
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)A . Lookup is done on the first packet from the session originatorB . Lookup is done on the last packet sent from the responderC . Lookup is done on every packet,...
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)A . The firmware image must be manually uploaded to each FortiGate.B . Only secondary FortiGate devices are rebooted.C . Uninterruptable upgrade is enabled by default.D . Traffic load balancing is temporally disabled while upgrading...
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)A . hard-timeoutB . auth-on-demandC . soft-timeoutD . new-sessionE . Idle-timeoutView AnswerAnswer: A,D,E Explanation: https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221
Which two other security profiles can you apply to the security policy?
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)A . Antivirus scanningB . File filterC . DNS filterD . Intrusion preventionView AnswerAnswer: A,D
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?A . The IPS engine was inspecting high volume of traffic.B . The IPS engine...
How does FortiGate act when using SSL VPN in web mode?
How does FortiGate act when using SSL VPN in web mode?A . FortiGate acts as an FDS server.B . FortiGate acts as an HTTP reverse proxy.C . FortiGate acts as DNS server.D . FortiGate acts as router.View AnswerAnswer: B
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)A . diagnose sys topB . execute pingC . execute tracerouteD . diagnose sniffer packet anyE . get system arpView AnswerAnswer: BCD
Which of the following statements about central NAT are true? (Choose two.)
Which of the following statements about central NAT are true? (Choose two.)A . IP tool references must be removed from existing firewall policies before enabling central NAC . Central NAT can be enabled or disabled from the CLI only.D . Source NAT, using central NAT, requires at least one central...
Which interface will be selected as an outgoing interface?
Refer to the exhibit. The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check. Which interface will be selected as an outgoing interface?A . port2B . port4C . port3D . port1View AnswerAnswer: D