NEW QUESTION 1
Which statements are true regarding IPv6 anycast addresses? (Choose two.)

• A. Multiple interfaces can share the same anycast address.
• B. They are allocated from the multicast address space.
• C. Different nodes cannot share the same anycast address.
• D. An anycast packet is routed to the nearest interface.

Answer: AD

NEW QUESTION 2
What are examples of correct syntax for the session table diagnostics command? (Choose two.)

• A. diagnose sys session filter clear
• B. diagnose sys session src 10.0.1.254
• C. diagnose sys session filter
• D. diagnose sys session filter list dst.

Answer: AC

NEW QUESTION 3
Which of the following FSSO modes must be used for Novell eDirectory networks?

• A. Agentless polling
• B. LDAP agent
• C. eDirectory agent
• D. DC agent

Answer: C

NEW QUESTION 4
Which of the following statements are true regarding the web filtering modes? (Choose two.)

• A. Proxy based mode allows for customizable block pages to display when sites are prevented.
• B. Proxy based mode requires more resources than flow-based.
• C. Flow based mode offers more settings under the advanced configuration section of the GUI.
• D. Proxy based mode offers higher throughput than flow-based mode.

Answer: AB

NEW QUESTION 5
Examine the following FortiGate web proxy configuration; then answer the question below:
config web-proxy explicit
set pac-file-server-status enable set pac-file-server-port 8080
set pac-file-name wpad.dat end
Assuming that the FortiGate proxy IP address is 10.10.1.1, which URL must an Internet browser use to download the PAC file?

• A. https://10.10.1.1:8080
• B. https://10.10.1.1:8080/wpad.dat
• C. http://10.10.1.1:8080/
• D. http://10.10.1.1:8080/wpad.dat

Answer: D

NEW QUESTION 6
Which of the following spam filtering methods are supported on the FortiGate unit? (Select all that apply.)

• A. IP Address Check
• B. Open Relay Database List (ORDBL)
• C. Black/White List
• D. Return Email DNS Check
• E. Email Checksum Check

Answer: ABCDE

NEW QUESTION 7
Which statement best describes the objective of the SYN proxy feature available in SP processors?

• A. Accelerate the TCP 3-way handshake
• B. Collect statistics regarding traffic sessions
• C. Analyze the SYN packet to decide if the new session can be offloaded to the SP processor
• D. Protect against SYN flood attacks.

Answer: D

NEW QUESTION 8
Which header field can be used in a firewall policy for traffic matching?

• A. ICMP type and code.
• B. DSCP.
• C. TCP window size.
• D. TCP sequence number.

Answer: A

NEW QUESTION 9
Which FSSO agents are required for a FSSO agent-based polling mode solution?

• A. Collector agent and DC agents
• B. Polling agent only
• C. Collector agent only
• D. DC agents only

Answer: A

NEW QUESTION 10
Which of the following statements best describes what a Certificate Signing Request (CSR) is?

• A. A message sent by the Certificate Authority (CA) that contains a signed digital certificate.
• B. An enquiry submitted to a Certificate Authority (CA) to request a root CA certificate
• C. An enquiry submitted to a Certificate Authority (CA) to request a signed digital certificate
• D. An enquiry submitted to a Certificate Authority (CA) to request a Certificate Revocation List (CRL)

Answer: B

NEW QUESTION 11
What action does an IPsec Gateway take with the user traffic routed to an IPsec VPN when it does not match any phase 2 quick mode selector?

• A. Traffic is dropped
• B. Traffic is routed across the default phase 2.
• C. Traffic is routed to the next available route in the routing table.
• D. Traffic is routed unencrypted to the interface where the IPsec VPN is terminating.

Answer: A

NEW QUESTION 12
Which statement best describes what SSL VPN Client Integrity Check does?

• A. Blocks SSL VPN connection attempts from users that has been blacklisted.
• B. Detects the Windows client security applications running in the SSL VPN client's PCs.
• C. Validates the SSL VPN user credential.
• D. Verifies which SSL VPN portal must be presented to each SSL VPN user.
• E. Verifies that the latest SSL VPN client is installed in the client's PC.

Answer: B

NEW QUESTION 13
Which IPSec mode includes the peer id information in the first packet?

• A. Main mode.
• B. Quick mode.
• C. Aggressive mode.
• D. IKEv2 mode.

Answer: C

NEW QUESTION 14
Which is NOT true about the settings for an IP pool type port block allocation?

• A. A Block Size defines the number of connections.
• B. Blocks Per User defines the number of connection blocks for each user.
• C. An Internal IP Range defines the IP addresses permitted to use the pool.
• D. An External IP Range defines the IP addresses in the pool.

Answer: B

NEW QUESTION 15
In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below.

Which statements are correct regarding this setting? (Choose two.)

• A. Interface settings on port7 will not be synchronized with other cluster members.
• B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.
• C. When connecting to port7 you always connect to the master device.
• D. A gateway address may be configured for port7.

Answer: AD

NEW QUESTION 16
A FortiGate unit has multiple VDOMs in NAT/route mode with multiple VLAN interfaces in each VDOM. Which of the following statements is correct regarding the IP addresses
assigned to each VLAN interface?

• A. Different VLANs can share the same IP address as long as they have different VLAN IDs.
• B. Different VLANs can share the same IP address as long as they are in different physical interface.
• C. Different VLANs can share the same IP address as long as they are in different VDOMs.
• D. Different VLANs can never share the same IP addresses.

Answer: C