Q1. View the exhibit.

Which statements about the exhibit are true? (Choose two.)

A. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.

B. port1-VLAN1 is the native VLAN for the port1 physical interface.

C. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

D. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.

View Answer

Q2. Which statement is true regarding the policy ID numbers of firewall policies?

A. Change when firewall policies are re-ordered.

B. Defines the order in which rules are processed.

C. Are required to modify a firewall policy from the CLI.

D. Represent the number of objects used in the firewall policy.

View Answer

Q3. An administrator has configured a dialup IPsec VPN with XAuth. Which method statement best describes this scenario?

A. Only digital certificates will be accepted as an authentication method in phase 1.

B. Dialup clients must provide a username and password for authentication.

C. Phase 1 negotiations will skip pre-shared key exchange.

D. Dialup clients must provide their local ID during phase 2 negotiations.

View Answer

Q4. A FortiGate interface is configured with the following commands:

What statements about the configuration are correct? (Choose two.)

A. IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.

B. FortiGate can provide DNS settings to IPv6 clients.

C. FortiGate can send IPv6 router advertisements (RAs.)

D. FortiGate can provide IPv6 addresses to DHCPv6 client.

View Answer

Q5. What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)

A. Code blocks

B. SMS phone message

C. FortiToken

D. Browser pop-up window

E. Email

View Answer

Q6. Which of the following statements are true when using Web Proxy Auto-discovery Protocol (WPAD) with the DHCP discovery method? (Choose two.)

A. The browser sends a DHCPINFORM request to the DHCP server.

B. The browser will need to be preconfigured with the DHCP serveru2021s IP address.

C. The DHCP server provides the PAC file for download.

D. If the DHCP method fails, browsers will try the DNS method.

View Answer

Q7. You are tasked to architect a new IPsec deployment with the following criteria:

- There are two HQ sites that all satellite offices must connect to.

- The satellite offices do not need to communicate directly with other satellite offices.

- No dynamic routing will be used.

- The design should minimize the number of tunnels being configured. Which topology should be used to satisfy all of the requirements?

A. Redundant

B. Hub-and-spoke

C. Partial mesh

D. Fully meshed

View Answer

Q8. How does FortiGate select the central SNAT policy that is applied to a TCP session?

A. It selects the SNAT policy specified in the configuration of the outgoing interface.

B. It selects the first matching central-SNAT policy from top to bottom.

C. It selects the central-SNAT policy with the lowest priority.

D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

View Answer

Q9. Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)

A. FQDN address

B. IP pool

C. User or user group

D. Firewall service

View Answer

Q10. Which statement is correct based on this configuration?

A. The MAC address 00:0c:29:29:38:da belongs to the port1 interface.

B. Access to the network is blocked for the devices with the MAC address 00:0c:29:29:38:da and the IP address 10.0.1.254.

C. 00:0c:29:29:38:da is the virtual MAC address assigned to the secondary IP address (10.0.1.254) of the port1 interface.

D. The IP address 10.0.1.254 is reserves for the device with the MAC address 00:0c:29:29:38:da.

View Answer