- All Exams Instant Download
What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?
What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?A . The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.B . The application or URL category is unknown and needs to...
Which one of the following statements about this FortiGate is correct?
View the exhibit, which contains the output of a debug command, and then answer the question below. Which one of the following statements about this FortiGate is correct?A . It is currently in system conserve mode because of high CPU usage.B . It is currently in extreme conserve mode because...
What is causing the IPsec problem in the phase 1 ?
An administrator added the following Ipsec VPN to a FortiGate configuration: configvpn ipsec phasel -interface edit "RemoteSite" set type dynamic set interface "portl" set mode main set psksecret ENC LCVkCiK2E2PhVUzZe next end config vpn ipsec phase2-interface edit "RemoteSite" set phasel name "RemoteSite" set proposal 3des-sha256 next end However, the phase...
Which statements are correct regarding the output shown?
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below. Which statements are correct regarding the output shown? (Choose two.)A . There are 0 ephemeral sessions.B . All the sessions in the session table are TCP sessions.C . No sessions have been...
What must the administrator change to fix the issue?
Refer to the exhibit, which shows a FortiGate configuration. An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy. What must...
Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)
Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)A . Primary unit stops sending HA heartbeat keepalives.B . The FortiGuard license for the primary unit is updated.C . One of the monitored interfaces in the primary unit is disconnected.D ....
Why?
Refer to the exhibit, which contains a screenshot of some phase 1 settings. The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands to an SSH session on FortiGate: diagnose vpn ike log-filter dst-addr4 10.0.10.1 diagnose debug application ike -1 However, the IKE real-time...
What should the administrator check?
Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below. # diagnose debug authd fsso list ―FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB. What should...
Which two statements about this debug output are correct?
Refer to the exhibit, which contains partial output from an IKE real-time debug. Which two statements about this debug output are correct? (Choose two.)A . The initiator provided remote as its IPsec peer ID.B . It shows a phase 2 negotiation.C . Perfect Forward Secrecy (PFS) is enabled in the...
Which statements are correct regarding the output?
View the exhibit, which contains the output of get sys ha status, and then answer the question below. Which statements are correct regarding the output? (Choose two.)A . The slave configuration is not synchronized with the master.B . The HA management IP is 169.254.0.2.C . Master is selected because it...
