Highest Quality NSE4-5.4 Item Pool 2021

Proper study guides for the latest Fortinet Network Security Expert - FortiOS 5.4 certification begin with Fortinet NSE4-5.4 preparation products, which are designed to deliver accurate NSE4-5.4 questions so that you pass the NSE4-5.4 test on your first attempt. Try the free NSE4-5.4 demo right now.

NEW QUESTION 1
Review the IPS sensor filter configuration shown in the exhibit.
[Exhibit not included]
Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.)

  • A. It does not log attacks targeting Linux servers.
  • B. It matches all traffic to Linux servers.
  • C. Its action will block traffic matching these signatures.
  • D. It only takes effect when the sensor is applied to a policy.

Answer: CD

NEW QUESTION 2
What is the purpose of the Policy Lookup feature?

  • A. It searches for the matching policy based on input criteria.
  • B. It enables hidden security profiles with full logging capabilities and generates Learning Reports based on input criteria.
  • C. It finds duplicate objects in firewall policies.
  • D. It creates a new firewall policy based on input criteria.

Answer: A

NEW QUESTION 3
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit.
The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.
The following troubleshooting commands are executed from the CLI:
[Exhibit not included]
Based on the output from these commands, which of the following is a possible cause of the problem?

  • A. The FortiGate unit has no route back to the PC.
  • B. The PC has an IP address in the wrong subnet.
  • C. The PC is using an incorrect default gateway IP address.
  • D. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.

Answer: D

NEW QUESTION 4
A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices?

  • A. SSL
  • B. IPSec
  • C. direct serial connection
  • D. S/MIME

Answer: B

NEW QUESTION 5
Which condition must be met to offload the encryption and decryption of IPsec traffic to an NP6 processor?

  • A. Phase 2 must use an encryption algorithm supported by the NP6.
  • B. Anti-replay must be disabled.
  • C. IPsec traffic must not be inspected by a session helper.
  • D. No content inspection can be applied to traffic that is going to be encrypted.

Answer: A

NEW QUESTION 6
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit.
[Exhibit not included]
Which of the following statements is correct regarding this output? (Select one answer).

  • A. One tunnel is rekeying.
  • B. Two tunnels are rekeying.
  • C. Two tunnels are up.
  • D. One tunnel is up.

Answer: C

NEW QUESTION 7
A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit?

  • A. Any other matched DLP rules will be ignored with the exception of Archiving.
  • B. Future files whose characteristics match this file will bypass DLP scanning.
  • C. The traffic matching the DLP rule will bypass antivirus scanning.
  • D. The client IP address will be added to a white list.

Answer: A

NEW QUESTION 8
Which of the following pieces of information can be included in the Destination Address field of a firewall policy? (Select all that apply.)

  • A. An IP address pool.
  • B. A virtual IP address.
  • C. An actual IP address or an IP address group.
  • D. An FQDN or Geographic value(s).

Answer: BCD

NEW QUESTION 9
Which of the following actions can be used with the FortiGuard quota feature? (Choose three.)

  • A. Allow
  • B. Block
  • C. Monitor
  • D. Warning
  • E. Authenticate

Answer: CDE

NEW QUESTION 10
An intermittent connectivity issue is noticed between two devices located behind the FortiGate dmz and internal interfaces. A continuous sniffer trace is run on the FortiGate unit that the administrator will convert into a .cap file for an off-line analysis with a sniffer application.
[Exhibit not included]
Given the high volume of global traffic on the network, which of the following CLI commands will best allow the administrator to perform this troubleshooting operation?

  • A. diagnose sniffer packet any
  • B. diagnose sniffer packet dmz "" 3
  • C. diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 3
  • D. diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 4

Answer: C

NEW QUESTION 11
For traffic that does not match any configured firewall policy, what is the default action taken by the FortiGate?

  • A. The traffic is allowed and no log is generated.
  • B. The traffic is allowed and logged.
  • C. The traffic is blocked and no log is generated.
  • D. The traffic is blocked and logged.

Answer: C

NEW QUESTION 12
Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below.
[Exhibit not included]
Which statements are correct regarding this configuration? (Choose two.)

  • A. The Phase 2 will re-key even if there is no traffic.
  • B. There will be a DH exchange for each re-key.
  • C. The sequence number of ESP packets received from the peer will not be checked.
  • D. Quick mode selectors will default to those used in the firewall policy.

Answer: AB

NEW QUESTION 13
Which of the following products provides dedicated hardware to analyze log data from multiple FortiGate devices?

  • A. FortiGate device
  • B. FortiAnalyzer device
  • C. FortiClient device
  • D. FortiManager device
  • E. FortiMail device
  • F. FortiBridge device

Answer: B

NEW QUESTION 14
What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to?

  • A. 1
  • B. 2
  • C. 3
  • D. 4

Answer: C

NEW QUESTION 15
Which of the following statements is correct about configuring web filtering overrides?

  • A. The Override option for FortiGuard Web Filtering is available for any user group type.
  • B. Admin overrides require an administrator to manually allow pending override requests which are listed in the Override Monitor.
  • C. The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used.
  • D. Using Web Filtering Overrides requires the use of Firewall Policy Authentication.

Answer: C

NEW QUESTION 16
When creating FortiGate administrative users, which configuration objects specify the account rights?

  • A. Remote access profiles.
  • B. User groups.
  • C. Administrator profiles.
  • D. Local-in policies.

Answer: C

NEW QUESTION 17
Which statements best describe auto discovery VPN (ADVPN)? (Choose two.)

  • A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
  • B. ADVPN is only supported with IKEv2.
  • C. Tunnels are negotiated dynamically between spokes.
  • D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Answer: AC

NEW QUESTION 18
Which one of the following statements is correct about raw log messages?

  • A. Logs have a header and a body section. The header will have the same layout for every log message. The body section will change layout from one type of log message to another.
  • B. Logs have a header and a body section. The header and body will change layout from one type of log message to another.
  • C. Logs have a header and a body section. The header and body will have the same layout for every log message.

Answer: A

NEW QUESTION 19
Examine the network topology diagram in the exhibit; the workstation with the IP address 212.10.11.110 sends a TCP SYN packet to the workstation with the IP address 212.10.11.20.
[Exhibit not included]
Which of the following sentences best describe the result of the reverse path forwarding (RPF) check executed by the FortiGate on the SYN packets? (Choose two.)

  • A. Packets are allowed if RPF is configured as loose.
  • B. Packets are allowed if RPF is configured as strict.
  • C. Packets are blocked if RPF is configured as loose.
  • D. Packets are blocked if RPF is configured as strict.

Answer: AD

NEW QUESTION 20
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?

  • A. Policy-based only.
  • B. Route-based only.
  • C. Either policy-based or route-based VPN.
  • D. GRE-based only.

Answer: B

NEW QUESTION 21
Which of the following statements are true regarding Local User Authentication? (Select all that apply.)

  • A. Local user authentication is based on usernames and passwords stored locally on the FortiGate unit.
  • B. Two-factor authentication can be enabled on a per user basis.
  • C. Administrators can create an account for the user locally and specify the remote server to verify the password.
  • D. Local users are for administration accounts only and cannot be used for identity policies.

Answer: ABC

NEW QUESTION 22
Which of the following statements are true regarding traffic accelerated by an NP processor? (Choose two.)

  • A. TCP SYN packets are always handled by the NP Processor
  • B. The initial packets go to the NP Processor, where a decision is taken on if the session can be offloaded or not.
  • C. Packets for a session termination are always handled by the CPU.
  • D. The initial packets go to the CPU, where a decision is taken on if the session can be offloaded or not.

Answer: AD

NEW QUESTION 23
Which statement about the FortiGuard services for the FortiGate is true?

  • A. Antivirus signatures are downloaded locally on the FortiGate.
  • B. FortiGate downloads IPS updates using UDP port 53 or 8888.
  • C. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.
  • D. The web filtering database is downloaded locally on the FortiGate.

Answer: A


NEW QUESTION 24
Which of the following statements best describes how the collector agent learns that a user has logged off from the network?

  • A. The workstation fails to reply to the polls frequently done by the collector agent.
  • B. The DC agent captures the log off event from the event logs, which it forwards to the collector agent.
  • C. The workstation notifies the DC agent that the user has logged off.
  • D. The collector agent gets the logoff events when polling the respective domain controller.

Answer: D

NEW QUESTION 25
Which statement best describes what SSL VPN Client Integrity Check does?

  • A. Blocks SSL VPN connection attempts from users that have been blacklisted.
  • B. Detects the Windows client security applications running on the SSL VPN clients' PCs.
  • C. Validates the SSL VPN user credential.
  • D. Verifies which SSL VPN portal must be presented to each SSL VPN user.
  • E. Verifies that the latest SSL VPN client is installed in the client's PC.

Answer: B

NEW QUESTION 26
Examine this log entry. What does the log indicate? (Choose three.)
date=2013-12-04 time=09:30:18 logid=0100032001 type=event subtype=system level=information vd="root" user="admin" ui=http(192.168.1.112) action=login status=success reason=none profile="super_admin" msg="Administrator admin logged in successfully from http(192.168.1.112)"

  • A. In the GUI, the log entry was located under "Log & Report > Event Log > User".
  • B. In the GUI, the log entry was located under "Log & Report > Event Log > System".
  • C. In the GUI, the log entry was located under "Log & Report > Traffic Log > Local Traffic".
  • D. The connection was encrypted.
  • E. The connection was unencrypted.
  • F. The IP of the FortiGate interface that "admin" connected to was 192.168.1.112.
  • G. The IP of the computer that "admin" connected from was 192.168.1.112.

Answer: BE

NEW QUESTION 27
Which of the following components are contained in all FortiGate units from the FG50 models and up? (Select all that apply.)

  • A. FortiASIC content processor.
  • B. Hard Drive.
  • C. Gigabit network interfaces.
  • D. Serial console port.

Answer: AD

NEW QUESTION 28
How many packets are interchanged between both IPSec ends during the negotiation of a main-mode phase 1?

  • A. 5
  • B. 3
  • C. 2
  • D. 6

Answer: D

NEW QUESTION 29
Which statement best describes the objective of the SYN proxy feature available in SP processors?

  • A. Accelerate the TCP 3-way handshake
  • B. Collect statistics regarding traffic sessions
  • C. Analyze the SYN packet to decide if the new session can be offloaded to the SP processor
  • D. Protect against SYN flood attacks.

Answer: D
