EnsurepassQUESTION 61 Examine the exhibit; then answer the question below.     The Vancouver FortiGate initially had the following information in its routing table:   S 172.20.0.0/16 [10/0] via 172.21.1.2, port2   C 172.21.0.0/16 is directly connected, port2   C 172.11.11.0/24 is directly connected, port1   Afterwards, the following static route was added:   config router static   edit 6   set dst 172.20.1.0 255.255.255.0   set pririoty 0   Read more [...]
EnsurepassQUESTION 71 In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?   A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. B. Request: internal host; slave FortiGate; Internet; web server. C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. D. Request: internal host; master Read more [...]
EnsurepassQUESTION 51 A static route is configured for a FortiGate unit from the CLI using the following commands:   config router static   edit 1   set device "wan1"   set distance 20   set gateway 192.168.100.1   next   end   Which of the following conditions are required for this static default route to be displayed in the FortiGate unit's routing table? (Choose two.)   A. The administrative status of the wan1 interface is displayed as down. Read more [...]
EnsurepassQUESTION 61 Examine the exhibit; then answer the question below.     The Vancouver FortiGate initially had the following information in its routing table:   S 172.20.0.0/16 [10/0] via 172.21.1.2, port2   C 172.21.0.0/16 is directly connected, port2   C 172.11.11.0/24 is directly connected, port1   Afterwards, the following static route was added:   config router static   edit 6   set dst 172.20.1.0 255.255.255.0   set pririoty 0   Read more [...]
EnsurepassQUESTION 31 An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. Which three configuration steps must be performed on both units to support this scenario? (Choose three.)   A. Create firewall policies to allow and control traffic between the source and destination IP addresses. B. Configure the appropriate user groups to allow users access to the tunnel. C. Set the operating mode to IPsec VPN mode. D. Define the phase 2 parameters. E. Read more [...]
EnsurepassQUESTION 41 Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)   A. Only one proxy is supported. B. Can be manually imported to the browser. C. The browser can automatically download it from a web server. D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy.   Correct Answer: CD     QUESTION 42 Which two methods are Read more [...]
EnsurepassQUESTION 21 When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)   A. SMTP B. POP3 C. HTTP D. FTP   Correct Answer: CD     QUESTION 22 Which statement regarding the firewall policy authentication timeout is true?   A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP. B. It is a hard timeout. The Read more [...]
EnsurepassQUESTION 11 Regarding the header and body sections in raw log messages, which statement is correct?   A. The header and body section layouts change depending on the log type. B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type. C. Some log types include multiple body sections. D. Some log types do not include a body section.   Correct Answer: B     QUESTION 12 For traffic Read more [...]
EnsurepassQUESTION 1 How is the FortiGate password recovery process?   A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. B. Log in through the console port using the "maintainer" account within several seconds of physically power cycling the FortiGate. C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. D. Interrupt the boot sequence and restore a configuration file for which Read more [...]
EnsurepassTopic 10, Application Control     QUESTION 48  (Topic 10)   How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent?   A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy. B. Enable the shape option in a firewall policy with service set to BitTorrent. C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with Read more [...]
EnsurepassTopic 8, Explicit Proxy     QUESTION 40  (Topic 8)   What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution?   A. Users are required to manually enter their credentials each time they connect to a different web site. B. Proxy users are authenticated via FSSO. C. There are multiple users sharing the same IP address. D. Proxy users are authenticated via RADIUS.   Answer: Read more [...]