EnsurepassQUESTION 61 Examine the exhibit; then answer the question below.     The Vancouver FortiGate initially had the following information in its routing table:   S 172.20.0.0/16 [10/0] via 172.21.1.2, port2   C 172.21.0.0/16 is directly connected, port2   C 172.11.11.0/24 is directly connected, port1   Afterwards, the following static route was added:   config router static   edit 6   set dst 172.20.1.0 255.255.255.0   set pririoty 0   Read more [...]
EnsurepassQUESTION 71 In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?   A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. B. Request: internal host; slave FortiGate; Internet; web server. C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. D. Request: internal host; master Read more [...]
EnsurepassQUESTION 51 A static route is configured for a FortiGate unit from the CLI using the following commands:   config router static   edit 1   set device "wan1"   set distance 20   set gateway 192.168.100.1   next   end   Which of the following conditions are required for this static default route to be displayed in the FortiGate unit's routing table? (Choose two.)   A. The administrative status of the wan1 interface is displayed as down. Read more [...]
EnsurepassQUESTION 61 Examine the exhibit; then answer the question below.     The Vancouver FortiGate initially had the following information in its routing table:   S 172.20.0.0/16 [10/0] via 172.21.1.2, port2   C 172.21.0.0/16 is directly connected, port2   C 172.11.11.0/24 is directly connected, port1   Afterwards, the following static route was added:   config router static   edit 6   set dst 172.20.1.0 255.255.255.0   set pririoty 0   Read more [...]
EnsurepassQUESTION 31 An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. Which three configuration steps must be performed on both units to support this scenario? (Choose three.)   A. Create firewall policies to allow and control traffic between the source and destination IP addresses. B. Configure the appropriate user groups to allow users access to the tunnel. C. Set the operating mode to IPsec VPN mode. D. Define the phase 2 parameters. E. Read more [...]
EnsurepassQUESTION 41 Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)   A. Only one proxy is supported. B. Can be manually imported to the browser. C. The browser can automatically download it from a web server. D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy.   Correct Answer: CD     QUESTION 42 Which two methods are Read more [...]
EnsurepassQUESTION 21 When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)   A. SMTP B. POP3 C. HTTP D. FTP   Correct Answer: CD     QUESTION 22 Which statement regarding the firewall policy authentication timeout is true?   A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP. B. It is a hard timeout. The Read more [...]
EnsurepassQUESTION 11 Regarding the header and body sections in raw log messages, which statement is correct?   A. The header and body section layouts change depending on the log type. B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type. C. Some log types include multiple body sections. D. Some log types do not include a body section.   Correct Answer: B     QUESTION 12 For traffic Read more [...]
EnsurepassQUESTION 1 How is the FortiGate password recovery process?   A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. B. Log in through the console port using the "maintainer" account within several seconds of physically power cycling the FortiGate. C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. D. Interrupt the boot sequence and restore a configuration file for which Read more [...]
EnsurepassTopic 10, Application Control     QUESTION 48  (Topic 10)   How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent?   A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy. B. Enable the shape option in a firewall policy with service set to BitTorrent. C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with Read more [...]
EnsurepassTopic 8, Explicit Proxy     QUESTION 40  (Topic 8)   What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution?   A. Users are required to manually enter their credentials each time they connect to a different web site. B. Proxy users are authenticated via FSSO. C. There are multiple users sharing the same IP address. D. Proxy users are authenticated via RADIUS.   Answer: Read more [...]
EnsurepassTopic 7, Antivirus             QUESTION 34  (Topic 7)   Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.)   A. Manual update by downloading the signatures from the support site. B. Pull updates from the FortiGate. C. Push updates from a FortiAnalyzer. D. execute fortiguard-AV-AS command from the CLI.   Answer: AB     QUESTION 35  (Topic 7)   Which statements Read more [...]
EnsurepassTopic 9, Web Filtering     QUESTION 44  (Topic 9)   Which of the following regular expression patterns make the terms "confidential data" case insensitive?   A. [confidential data] B. /confidential data/i C. i/confidential data/ D. "confidential data"   Answer: B     QUESTION 45  (Topic 9)   Which statements are correct regarding URL filtering on a FortiGate unit? (Choose two.)   A. The allowed actions for URL filtering Read more [...]
EnsurepassTopic 3, Firewall Policies     QUESTION 12  (Topic 3)   Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.)   A. IP address pool. B. Virtual IP address.         C. IP address. D. IP address group. E. MAC address.   Answer: BCD     QUESTION 13  (Topic 3)   Which header field can be used in a firewall policy for traffic matching?   A. ICMP Read more [...]
EnsurepassTopic 4, Firewall Authentication     QUESTION 18  (Topic 4)         Which two statements are true regarding firewall policy disclaimers? (Choose two.)   A. They cannot be used in combination with user authentication. B. They can only be applied to wireless interfaces. C. Users must accept the disclaimer to continue. D. The disclaimer page is customizable.   Answer: CD     QUESTION 19  (Topic 4)   Which statement Read more [...]
EnsurepassTopic 5, SSL VPN     QUESTION 24  (Topic 5)   When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?   A. The remote user's virtual IP address. B. The FortiGate unit's internal IP address. C. The remote user's public IP address. D. The FortiGate unit's external IP address.   Answer: B     QUESTION 25  (Topic 5)   Which two statements are true about Read more [...]
EnsurepassTopic 6, IPSec VPN     QUESTION 29  (Topic 6)   What is IPsec Perfect Forwarding Secrecy (PFS)?.   A. A phase-1 setting that allows the use of symmetric encryption. B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires. C. A `key-agreement' protocol. D. A `security-association-agreement' protocol.   Answer: B     QUESTION 30  (Topic 6)   An administrator wants to create Read more [...]
EnsurepassTopic 2, Logging and Monitoring     QUESTION 8  (Topic 2)   Regarding the header and body sections in raw log messages, which statement is correct?   A. The header and body section layouts change depending on the log type. B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type. C. Some log types include multiple body sections. D. Some log types do not include a body section. Read more [...]
EnsurepassTopic 1, Introduction to FortiGate     Exam A   QUESTION 1  (Topic 1)   When creating FortiGate administrative users, which configuration objects specify the account rights?   A. Remote access profiles. B. User groups. C. Administrator profiles. D. Local-in policies.   Answer: C     QUESTION 2  (Topic 1)   Which statements are true regarding the factory default configuration? (Choose three.)   A. The default Read more [...]