- All Exams Instant Download
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?A . IP addressB . Once Internet Service is selected, no other object can be addedC . User or User GroupD . FQDN addressView...
Which security profile’s configuration does not change when you enable policy-based inspection?
NGFW mode allows policy-based configuration for most inspection rules. Which security profile’s configuration does not change when you enable policy-based inspection?A . Web filteringB . AntivirusC . Web proxyD . Application controlView AnswerAnswer: B
What should the user do to successfully connect to SSL VPN?
Refer to the exhibits. The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?A . Change the SSL VPN port on the client.B . Change the Server IP address.C . Change the idle-timeout.D . Change the...
Which statement about the policy ID number of a firewall policy is true?
Which statement about the policy ID number of a firewall policy is true?A . It is required to modify a firewall policy using the CLC . It represents the number of objects used in the firewall policy.D . It changes when firewall policies are reordered.E . It defines the order...
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)A . Traffic to botnetserversB . Traffic to inappropriate web sitesC . Server information disclosure attacksD . Credit card data leaksE . SQL injection attacksView AnswerAnswer: CDE
What should the user do to successfully connect to SSL VPN?
Refer to the exhibits. The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?A . Change the SSL VPN port on the client.B . Change the Server IP address.C . Change the idle-timeout.D . Change the...
What is a possible reason for this?
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below. An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating...
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)A . Lookup is done on the first packet from the session originatorB . Lookup is done on the last packet sent from the responderC . Lookup is done on every packet,...
Why did the FortiGate drop the packet?
Examine this output from a debug flow: Why did the FortiGate drop the packet?A . The next-hop IP address is unreachable.B . It failed the RPF check.C . It matched an explicitly configured firewall policy with the action DENE . It matched the default implicit firewall policy.View AnswerAnswer: D Explanation:...
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)A . hard-timeoutB . auth-on-demandC . soft-timeoutD . new-sessionE . Idle-timeoutView AnswerAnswer: A,D,E Explanation: https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221
