New Questions 5

Which statement about this configuration is correct?

A. The FortiGate generates spanning tree BPDU frames.

B. The FortiGate device forwards received spanning tree BPDU frames.

C. The FortiGate can block an interface if a layer-2 loop is detected.

D. Ethernet layer-2 loops are likely to occur.

View Answer

New Questions 6

Which statements are correct based on this output? (Choose two.)

A. The global configuration is synchronized between the primary and secondary FortiGate.

B. The all VDOM is not synchronized between the primary and secondary FortiGate.

C. The root VDOM is not synchronized between the primary and secondary FortiGate.

D. The FortiGates have three VDOMs.

View Answer

New Questions 7

Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)

A. It is only supported if DC agents are deployed.

B. FortiGate can act as an LDAP client configure the group filters.

C. It supports monitoring of nested groups.

D. It uses the Windows convention for naming, that is, DomainUsername.

View Answer

New Questions 8

If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?

A. It blocks all future traffic for that IP address for a configured interval.

B. It archives the data for that IP address.

C. It provides a DLP block replacement page with a link to download the file.

D. It notifies the administrator by sending an email.

View Answer

New Questions 9

An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?

A. A phase 2 configuration is not required.

B. This VPN cannot be used as part of a hub and spoke topology.

C. The IPsec firewall policies must be placed at the top of the list.

D. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

View Answer

New Questions 10

What traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

A. Traffic to inappropriate web sites

B. SQL injection attacks

C. Server information disclosure attacks

D. Credit card data leaks

E. Traffic to botnet command and control (C&C) servers

View Answer

New Questions 11

Examine this output from the diagnose sys top command:

Which statements about the output are true? (Choose two.)

A. sshd is the process consuming most memory

B. sshd is the process consuming most CPU

C. All the processes listed are in sleeping state

D. The sshd process is using 123 pages of memory

View Answer

New Questions 12

What does the configuration do? (Choose two.)

A. Reduces the amount of logs generated by denied traffic.

B. Enforces device detection on all interfaces for 30 minutes.

C. Blocks denied users for 30 minutes.

D. Creates a session for traffic being denied.

View Answer

New Questions 13

An administrator has enabled proxy-based antivirus scanning and configured the following settings:

Which statement about the above configuration is true?

A. Files bigger than 10 MB are not scanned for viruses and will be blocked.

B. FortiGate scans only the first 10 MB of any file.

C. Files bigger than 10 MB are sent to the heuristics engine for scanning.

D. FortiGate scans the files in chunks of 10 MB.

View Answer

New Questions 14

What are the purposes of NAT traversal in IPsec? (Choose two.)

A. To detect intermediary NAT devices in the tunnel path.

B. To encapsulate ESP packets in UDP packets using port 4500.

C. To force a new DH exchange with each phase 2 re-key

D. To dynamically change phase 1 negotiation mode to Aggressive.

View Answer