New Questions 1

Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24.

The top firewall policy has NAT enabled using outgoing interface address. The second firewall policy configured with a virtual IP (VIP) as the destination address.

Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

A. 10.200.1.1

B. 10.0.1.254

C. Any available IP address in the WAN(port1) subnet 10.200.1.0/24

D. 10.200.1.10

View Answer

New Questions 2

What FortiGate feature can be used to allow IPv6 clients to connect to IPv4 servers?

A. IPv6-over-IPv4 IPsec

B. NAT64

C. IPv4-over-IPv6 IPsec

D. NAT66

View Answer

New Questions 3

Which of the following statements describe WMI polling mode for FSSO collector agent? (Choose two.)

A. The collector agent does not need to search any security event logs.

B. WMI polling can increase bandwidth usage with large networks.

C. The NetSessionEnum function is used to track user logoffs.

D. The collector agent uses a Windows API to query DCs for user logins.

View Answer

New Questions 4

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

B. ADVPN is only supported with IKEv2.

C. Tunnels are negotiated dynamically between spokes.

D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

View Answer

New Questions 5

An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?

A. In an IPS sensor

B. In an interface.

C. In a DoS policy.

D. In an application control profile.

View Answer

New Questions 6

Which of the following statements about central NAT are true? (Choose two.)

A. IP tool references must be removed from existing firewall policies before enabling central NAT.

B. Central NAT can be enabled or disabled from the CLI only.

C. Source NAT, using central NAT, requires at least one central SNAT policy.

D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.

View Answer

New Questions 7

Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)

A. The remote gateway IP must be an IPv6 address.

B. The source quick mode selector must be an IPv4 address.

C. The local gateway IP must an IPv4 address.

D. The destination quick mode selector must be an IPv6 address.

View Answer

New Questions 8

Which statements about the output are correct? (Choose two.)

A. FortiGate received a TCP SYN/ACK packet.

B. The source IP address of the packet was translated to 10.0.1.10.

C. FortiGate routed the packet through port 3.

D. The packet was allowed by the firewall policy with the ID 00007fc0.

View Answer

New Questions 9

Which statements about IP-based explicit proxy authentication are true? (Choose two.)

A. IP-based authentication is best suited to authenticating users behind a NAT device.

B. Sessions from the same source address are treated as a single user.

C. IP-based authentication consumes less FortiGateu2021s memory than session-based authentication.

D. FortiGate remembers authenticated sessions using browser cookies.

View Answer

New Questions 10

Which statements about FortiGate inspection modes are true? (Choose two.)

A. The default inspection mode is proxy based.

B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.

C. Proxy-based inspection is not available in VDOMs operating in transparent mode.

D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.

View Answer