- All Exams Instant Download
Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?
Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?A . Diagnose debug application radius -1.B . Diagnose debug application fnbamd -1.C . Diagnose authd console Clog enable.D . Diagnose radius console Clog enable.View AnswerAnswer: B Explanation: https://kb.fortinet.com/kb/documentLink.do?externalID=FD32838
Which two tasks are automated using the Import Configuration wizard on FortiManager? (Choose two.)
Which two tasks are automated using the Import Configuration wizard on FortiManager? (Choose two.)A . Importing firewall address objects from managed devicesB . Importing interface mappings from managed devicesC . Importing static and dynamic route configurations from managed devicesD . Importing devices to FortiManagerView AnswerAnswer: A,B Explanation: https://docs.fortinet.com/document/fortimanager/7.0.5/administration-guide/337348
If the HA ID for the primary unit is zero (0), which statement about the output is true?
Refer to the exhibit, which contains the output of diagnose sys session list. If the HA ID for the primary unit is zero (0), which statement about the output is true?A . This session cannot be synced with the slave unit.B . The inspection of this session has been offloaded...
What change must the administrator make to the hub BGP configuration so that the routes learned by one spoke are forwarded to the other spokes?
Exhibits: Refer to the exhibits, which contain the network topology and BGP configuration for a hub. An administrator is trying to configure ADVPN with a hub-spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over...
Which TCP session timer must be increased to fix this problem?
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of...
Which statement about the exhibit is true?
Refer to the exhibit, which contains the output of a BGP debug command. Which statement about the exhibit is true?A . The local router has received a total of three BGP prefixes from all peers.B . The local router has not established a TCP session with 100.64.3.1.C . Since the...
Which statement about IKE and IKE NAT-T is true?
Which statement about IKE and IKE NAT-T is true?A . IKE is used to encapsulate ESP traffic in some situations, and IKE NAT-T is used only when the local FortiGate is using NAT on the IPsec interface.B . IKE is the standard implementation for IKEv1 and IKE NAT-T is an...
Based on the output, which two statements are correct?
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command. Based on the output, which two statements are correct? (Choose two.)A . The npu_flag for this tunnel is 03.B . Different SPI values are a result of auto-negotiation being disabled for phase 2...
Why is the port2 default route not in the second command's output?
Refer to the exhibit, which contains partial outputs from two routing debug commands. Why is the port2 default route not in the second command's output?A . It has a higher priority value than the default route using port1.B . It is disabled in the FortiGate configuration.C . It has a...
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug: diagnose debug application ike-1 diagnose debug enable In which order is each step and phase displayed in the debug output each...
