Refer to the exhibits.
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
Which two statements are correct about a software switch on FortiGate? (Choose two.)
An administrator wants to configure Dead Peer Detection (DPD) on an IPsec VPN to detect dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not. Which configuration option is the most effective way to support this request?
Which timeout setting can be responsible for deleting SSL VPN associated sessions?
Refer to the exhibit.
The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
A firewall policy is configured to allow all destinations from LAN (port3) to WAN (port1).
Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?
Which feature in the Security Fabric takes one or more actions based on event triggers?
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
Refer to exhibit.
An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.
Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?
Refer to the exhibit.
Based on the raw log, which two statements are correct? (Choose two.)
Which statement is correct regarding the use of application control for inspecting web applications?
Refer to the exhibit, which contains a session list output.
Based on the information shown in the exhibit, which statement is true?
On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?
Refer to the exhibit showing a debug flow output.
Which two statements about the debug flow output are correct? (Choose two.)
Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?
Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)
Refer to the exhibit.
Based on the ZTNA tag, the security posture of the remote endpoint has changed.
What will happen to endpoint active ZTNA sessions?
Refer to the exhibit.
The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
Refer to the web filter raw logs.
Based on the raw logs shown in the exhibit, which statement is correct?
Which statement about the IP authentication header (AH) used by IPsec is true?
Refer to the exhibit.
The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to the ISP modem.
With this configuration, which statement is true?
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
Refer to the exhibit, which contains a session diagnostic output.
Which statement is true about the session diagnostic output?
Which of the following are valid actions for a FortiGuard category-based filter in a web filter profile in proxy-based inspection mode? (Choose two.)
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
Refer to the exhibit.
Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
Refer to the exhibits.
Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic. Exhibit B shows the HA configuration and the partial output of the get system ha status command.
Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.)
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
Refer to the exhibit.
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy, instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)
An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?
Which of the following are purposes of NAT traversal in IPsec? (Choose two.)
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
Refer to the exhibit.
Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?
Refer to the exhibits.
The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook.
Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.
Which part of the policy configuration must you change to resolve the issue?