NEW QUESTION 1
Which one of the following processes is involved in updating IPS from FortiGuard?

• A. FortiGate IPS update requests are sent using UDP port 443.
• B. Protocol decoder update requests are sent to service.fortiguard.net.
• C. IPS signature update requests are sent to update.fortiguard.net.
• D. IPS engine updates can only be obtained using push updates.

Answer: C

NEW QUESTION 2
An administrator is running the following sniffer command:
diagnose sniffer packet any “host 10.0.2.10” 3
What information will be included in the sniffer output? (Choose three.)

• A. IP header
• B. Ethernet header
• C. Packet payload
• D. Application header
• E. Interface name

Answer: ABC

NEW QUESTION 3
View the exhibit.

VDOM1 is operating is transparent mode VDOM2 is operating in NAT Route mode. There is an inter-VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1.
What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)

• A. A static or dynamic route in VDOM2 with the subnet 10.0.1.0/24 as the destination.
• B. A static or dynamic route in VDOM1 with the subnet 10.200.1.0/24 as the destination.
• C. One firewall policy in VDOM1 with port2 as the source interface and InterVDOM0 as the destination interface.
• D. One firewall policy in VDOM2 with InterVDOM1 as the source interface and port1 as the destination interface.

Answer: AC

NEW QUESTION 4
Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

• A. It is allowed, but with no inspection
• B. It is allowed and inspected as long as the inspection is flow based
• C. It is dropped.
• D. It is allowed and inspected, as long as the only inspection required is antivirus.

Answer: C

NEW QUESTION 5
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

• A. A CRL
• B. A person
• C. A subordinate CA
• D. A root CA

Answer: D

NEW QUESTION 6
Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

• A. They can be configured in both NAT/Route and transparent operation modes.
• B. They support L2TP-over-IPsec.
• C. They require two firewall policies: one for each directions of traffic flow.
• D. They support GRE-over-IPsec.

Answer: AB

NEW QUESTION 7
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

• A. By default, FortiGate uses WINS servers to resolve names.
• B. By default, the SSL VPN portal requires the installation of a client’s certificate.
• C. By default, split tunneling is enabled.
• D. By default, the admin GUI and SSL VPN portal use the same HTTPS port.

Answer: A

NEW QUESTION 8
The FSSO Collector Agent set to advanced access mode for the Windows Active Directory uses which of the following?

• A. LDAP convention
• B. NTLM convention
• C. Windows convention - NetBios: DomainUsemame
• D. RSSO convention

Answer: C

NEW QUESTION 9
View the certificate shown to the exhibit, and then answer the following question:

The CA issued this certificate to which entity?

• A. A root CA
• B. A person
• C. A bridge CA
• D. A subordinate CA

Answer: A

NEW QUESTION 10
Which statement about FortiGuard services for FortiGate is true?

• A. The web filtering database is downloaded locally on FortiGate.
• B. Antivirus signatures are downloaded locally on FortiGate.
• C. FortiGate downloads IPS updates using UDP port 53 or 8888.
• D. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.

Answer: B

NEW QUESTION 11
Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)

• A. If the DHCP method fails, browsers will try the DNS method.
• B. The browser needs to be preconfigured with the DHCP server’s IP address.
• C. The browser sends a DHCPONFORM request to the DHCP server.
• D. The DHCP server provides the PAC file for download.

Answer: AC

NEW QUESTION 12
View the exhibit:

Which statement about the exhibit is true? (Choose two.)

• A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
• B. port-VLAN1 is the native VLAN for the port1 physical interface.
• C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
• D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

Answer: CD

NEW QUESTION 13
Which is a requirement for creating an inter-VDOM link between two VDOMs?

• A. The inspection mode of at least one VDOM must be proxy-based.
• B. At least one of the VDOMs must operate in NAT mode.
• C. The inspection mode of both VDOMs must match.
• D. Both VDOMs must operate in NAT mode.

Answer: A

NEW QUESTION 14
View the exhibit:

The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:

What should be done next to troubleshoot the problem?

• A. Run a sniffer in the web server.
• B. Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”.
• C. Capture the traffic using an external sniffer connected to port1.
• D. Execute a debug flow.

Answer: C

NEW QUESTION 15
Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)

• A. The root VDOM is the management VDOM by default.
• B. A FortiGate device has 64 VDOMs, created by default.
• C. Each VDOM maintains its own system time.
• D. Each VDOM maintains its own routing table.

Answer: AD

NEW QUESTION 16
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

• A. Lookup is done on the trust packet from the session originator
• B. Lookup is done on the last packet sent from the re spender
• C. Lookup is done on every packet, regardless of direction
• D. Lookup is done on the trust reply packet from the re spender

Answer: AB

NEW QUESTION 17
View the exhibit.

Why is the administrator getting the error shown in the exhibit?

• A. The administrator must first enter the command edit global.
• B. The administrator admin does not have the privileges required to configure global settings.
• C. The global settings cannot be configured from the root VDOM context.
• D. The command config system global does not exist in FortiGate.

Answer: A

NEW QUESTION 18
Examine the two static routes shown in the exhibit, then answer title following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

• A. FortiGate will load balance all traffic across both routes.
• B. FortiGate will use the port1 route as the primary candidate.
• C. FortiGate will route twice as much traffic to the port2 route
• D. FortiGate will only actuate the portl route m tlie routing table

Answer: C

NEW QUESTION 19
Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

• A. Include the group of guest users in a policy.
• B. Extend timeout timers.
• C. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.
• D. Ensure all firewalls allow the FSSO required ports.

Answer: AD

NEW QUESTION 20
View the exhibit.

Based on the configuration shown in the exhibit, what statements about application control behavior are true? (Choose two.)

• A. Access to all unknown applications will be allowed.
• B. Access to browser-based Social.Media applications will be blocked.
• C. Access to mobile social media applications will be blocked.
• D. Access to all applications in Social.Media category will be blocked.

Answer: BD

NEW QUESTION 21
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

• A. Log downloads from the GUI are limited to the current log filter view
• B. Log backups from the CLI cannot be restored to another FortiGate.
• C. Log backups from the CLI can be configured to upload to FTP at a scheduled time
• D. Log downloads from the GUI are stored as LZ4 compressed files.

Answer: BC

NEW QUESTION 22
......