EnsurepassQUESTION 84  (Topic 2)   Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit?   A. Antivirus scanning provides end-to-end virus protection for client workstations. B. Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols. C. Antivirus scanning supports banned word checking. D. Antivirus scanning supports grayware protection.         < font face="Arial">  Read more [...]
EnsurepassQUESTION 74  (Topic 2)   You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users         from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route.   Which of the following configuration steps are required to achieve these objectives? (Select all that apply.) Read more [...]
EnsurepassQUESTION 54  (Topic 2)   Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?   A. TCP connection B. File attachments C. Message headers D. Message body   Answer: A     QUESTION 55  (Topic 2)   An administrator is examining the attack logs and notices the following entry:   type=ips subtype=signature pri=alert vd=root serial=1995 attack_id=103022611 src=69.45.64.22 dst=192.168.1.100 src_port=80 Read more [...]
EnsurepassQUESTION 64  (Topic 2)   Which spam filter is not available on a FortiGate device?   A. Sender IP reputation database B. URLs included in the body of known SPAM messages. C. Email addresses included in the body of known SPAM messages. D. Spam object checksums E. Spam grey listing   Answer: E     QUESTION 65  (Topic 2)   A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.       Read more [...]
EnsurepassQUESTION 44  (Topic 2)   A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.     Which of the following statements are correct regarding these VDOMs? (Select all that apply.)   A. The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes. B. The FortiGate unit must be a model 1000 or above to support multiple VDOMs. C. A license had to be purchased and applied to the FortiGate Read more [...]
EnsurepassQUESTION 21  (Topic 1)   Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.)   config ips sensor   edit "LINUX_SERVER"   set comment ''   set replacemsg-group ''   set log enable   config entries   edit 1   set action default   set application all   set location server   set log enable   set log-packet enable Read more [...]
Ensurepass  QUESTION 11  (Topic 1)   Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)   A. SNMP B. IPSec C. SMTP D. POP3 E. HTTP   Answer: CDE     QUESTION 12  (Topic 1)   Examine the static route configuration shown below; then answer the question following it.   config router static   edit Read more [...]
EnsurepassQUESTION 1  (Topic 1)   What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)   A. Using a hub and spoke topology is required to achieve full redundancy. B. Using a hub and spoke topology simplifies configuration because fewer tunnels are required. C. Using a hub and spoke topology provides stronger encryption. D. The routing at a spoke is simpler, compared to a meshed Read more [...]
EnsurepassQUESTION 61 Which of the following statements correctly describes the deepscan option for HTTPS?   A. When deepscan is disabled, only the web server certificate is inspected; no decryption of content occurs. B. Enabling deepscan will perform further checks on the server certificate. C. Deepscan is only applicable to mail protocols, where all IP addresses in the header are checked. D. With deepscan enabled, archived files will be decompressed before scanning for a more Read more [...]
EnsurepassQUESTION 71 SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?   A. The file is buffered by the application proxy. B. The file is buffered by the SSL proxy. C. In the upload direction, the file is buffered by the SSL proxy. In the download direction, the file is buffered by the application proxy. D. No file buffering is needed since a stream-based scanning approach is used for Read more [...]
Ensurepass  QUESTION 41 Identify the correct properties of a partial mesh VPN deployment:   A. VPN tunnels interconnect between every single location. B. VPN tunnels are not configured between every single location. C. Some locations are reached via a hub location. D. There are no hub locations in a partial mesh.   Correct Answer: BC     QUESTION 42 In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the Read more [...]