Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?

A.

Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

B.

Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

C.

Sends a link failed signal to all connected devices.

D.

Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

Full Access
Question # 5

Refer to the exhibit, which shows a session entry. Which statement about this session is true?

A.

It is an ICMP session from 10.1.10.10 to 10.200.5. 1.

B.

It is a TCP session in close_wait state, from 10. l. 10.10 to 10.200.1.1.

C.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

D.

It is a TCP session in the established state, from 10.1.10.10 to 10.200.5.1.

Full Access
Question # 6

Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

A.

Group ID.

B.

Group name.

C.

Session pickup.

D.

Gratuitous ARPs.

Full Access
Question # 7

Which two statements about conserve mode are true? (Choose two.)

A.

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

B.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

C.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

D.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

Full Access
Question # 8

When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI) extension?

A.

FortiGate uses CN information from the Subject field in the server’s certificate.

B.

FortiGate switches to the full SSL inspection method to decrypt the data.

C.

FortiGate blocks the request without any further inspection.

D.

FortiGate uses the requested URL from the user’s web browser.

Full Access
Question # 9

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

A.

For the peer 10.125.0.60, the BGP state of is Established.

B.

The local BGP peer has received a total of three BGP prefixes.

C.

Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.

D.

The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

Full Access
Question # 10

An administrator added the following Ipsec VPN to a FortiGate configuration:

configvpn ipsec phasel -interface

edit "RemoteSite"

set type dynamic

set interface "portl"

set mode main

set psksecret ENC LCVkCiK2E2PhVUzZe

next

end

config vpn ipsec phase2-interface

edit "RemoteSite"

set phasel name "RemoteSite"

set proposal 3des-sha256

next

end

However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while attempting the Ipsec connection. The output is shown in the exhibit.

What is causing the IPsec problem in the phase 1 ?

A.

The incoming IPsec connection is matching the wrong VPN configuration

B.

The phrase-1 mode must be changed to aggressive

C.

The pre-shared key is wrong

D.

NAT-T settings do not match

Full Access
Question # 11

View the exhibit, which contains the output of a diagnose command, and the answer the question below.

Which statements are true regarding the Weight value?

A.

Its initial value is calculated based on the round trip delay (RTT).

B.

Its initial value is statically set to 10.

C.

Its value is incremented with each packet lost.

D.

It determines which FortiGuard server is used for license validation.

Full Access
Question # 12

View the exhibit, which contains the output of a real-time debug, Which statement about this output is true?

Which of the following statements is true regarding this output?

A.

The requested URL belongs to category ID 255.

B.

The server hostname Is training, fortinet.com.

C.

FortiGate found the requested URL in its local cache.

D.

This web request was inspected using the ftgd-allow web filler profile.

Full Access
Question # 13

Refer to the exhibit, which shows a partial web filter profile configuration.

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

A.

FortiGate will block the connection, based on the FortiGuard category based filter configuration.

B.

FortiGate will block the connection as an invalid URL.

C.

FortiGate will exempt the connection, based on the Web Content Filter configuration.

D.

FortiGate will allow the connection, based on the URL Filter configuration.

Full Access
Question # 14

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)

A.

This is an expected session created by a session helper.

B.

Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.

C.

Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.

D.

This is an expected session created by an application control profile.

Full Access
Question # 15

A FortiGate device has the following LDAP configuration:

The administrator executed the ‘dsquery’ command in the Windows LDAp server 10.0.1.10, and got the following output:

>dsquery user –samid administrator

“CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab”

Based on the output, what FortiGate LDAP setting is configured incorrectly?

A.

cnid.

B.

username.

C.

password.

D.

dn.

Full Access
Question # 16

Which two conditions would prevent a static route from being added to the routing table? (Choose two.)

A.

There is another other route to the same destination, with a lower distance.

B.

The route has a lower priority value than another route to the same destination.

C.

The next-hop IP address is unreachable.

D.

The interface specified in the route configuration is down

Full Access
Question # 17

Refer to exhibit, which contains the output of a BGP debug command.

Which statement explains why the state of the 10.200.3.1 peer is Connect?

A.

The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.

B.

The TCP session to 10.200.3.1 has not completed the three-way handshake.

C.

The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.

D.

The local router has received the BGP prefixes from the remote peer.

Full Access
Question # 18

View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

Based on the output, which of the following statements is correct?

A.

Anti-reply is enabled.

B.

DPD is disabled.

C.

Quick mode selectors are disabled.

D.

Remote gateway IP is 10.200.5.1.

Full Access
Question # 19

Examine the following partial output from two system debug commands; then answer the question below.

Which of the following statements are true regarding the above outputs? (Choose two.)

A.

The unit is running a 32-bit FortiOS

B.

The unit is in kernel conserve mode

C.

The Cached value is always the Active value plus the Inactive value

D.

Kernel indirectly accesses the low memory (LowTotal) through memory paging

Full Access
Question # 20

Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

A.

Anti-replay is enabled.

B.

DPD is disabled.

C.

Remote gateway IP is 10.200.4.1.

D.

Quick mode selectors are disabled.

Full Access
Question # 21

Refer to the exhibit, which shows the output of diagnose sys session stat.

Which statement about the output shown in the exhibit is correct?

A.

There are two sessions that have not been removed in case of any out-of-order packets that arrive.

B.

There are 166 TCP sessions waiting to complete the three-way handshake.

C.

162 sessions have been deleted because of memory page exhaustion.

D.

All the sessions in the session table are TCP sessions.

Full Access
Question # 22

In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two.)

A.

It provides VM license validation services.

B.

It supports rating requests from non-FortiGate devices.

C.

It caches available firmware updates for unmanaged devices.

D.

It can be configured as an update server, a rating server, or both.

Full Access
Question # 23

Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

A.

Primary unit stops sending HA heartbeat keepalives.

B.

The FortiGuard license for the primary unit is updated.

C.

One of the monitored interfaces in the primary unit is disconnected.

D.

A secondary unit is removed from the HA cluster.

Full Access
Question # 24

Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

A.

BGP peers have successfully interchanged Open and Keepalive messages.

B.

Local BGP peer received a prefix for a default route.

C.

The state of the remote BGP peer is OpenConfirm.

D.

The state of the remote BGP peer will go to Connect after it confirms the received prefixes.

Full Access