Question No: 7

Which of the following statements are true? (Choose two.)

A. Browsers can be configured to retrieve this PAC file from the FortiGate.

B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

D. Any web request fortinet.com is allowed to bypass the proxy.

View Answer

Question No: 8

Under what circumstance would you enable LEARN as the Action on a firewall policy?

A. You want FortiGate to compile security feature activity from various security-related logs, such as virus and attack logs.

B. You want FortiGate to monitor a specific security profile in a firewall policy, and provide recommendations for that profile.

C. You want to capture data across all traffic and security vectors, and receive learning logs and a report with recommendations.

D. You want FortiGate to automatically modify your firewall policies as it learns your networking behavior.

View Answer

Question No: 9

How do you configure inline SSL inspection on a firewall policy? (Choose two.)

A. Enable one or more flow-based security profiles on the firewall policy.

B. Enable the SSL/SSH Inspection profile on the firewall policy.

C. Execute the inline ssl inspection CLI command.

D. Enable one or more proxy-based security profiles on the firewall policy.

View Answer

Question No: 10

How can you format the FortiGate flash disk?

A. Load the hardware test (HQIP) image.

B. Execute the CLI command execute formatlogdisk.

C. Load a debug FortiOS image.

D. Select the format boot device option from the BIOS menu.

View Answer

Question No: 11

Which statement about data leak prevention (DLP) on a FortiGate is true?

A. Traffic shaping can be applied to DLP sensors.

B. It can be applied to a firewall policy in a flow-based VDOM.

C. Files can be sent to FortiSandbox for detecting DLP threats.

D. It can archive files and messages.

View Answer

Question No: 12

An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)

A. Enable a web filtering profile on the firewall policy.

B. Create an application control policy.

C. Enable logging on the firewall policy.

D. Enable an application control security profile on the firewall policy.

View Answer

Question No: 13

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?

A. Disabling split tunneling

B. Configuring web bookmarks

C. Assigning public IP addresses to SSL VPN clients

D. Using web-only mode

View Answer

Question No: 14

Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)

A. The antivirus engine starts scanning a file after the last packet arrives.

B. It does not support FortiSandbox inspection.

C. FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.

D. It uses the compact antivirus database.

View Answer

Question No: 15

View the exhibit.

The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:

What should be done next to troubleshoot the problem?

A. Execute another sniffer in the FortiGate, this time with the filter u201chost 10.0.1.10u201d.

B. Run a sniffer in the web server.

C. Capture the traffic using an external sniffer connected to port1.

D. Execute a debug flow.

View Answer

Question No: 16

Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

A. They support GRE-over-IPsec.

B. They can be configured in both NAT/Route and transparent operation modes.

C. They require two firewall policies: one for each direction of traffic flow.

D. They support L2TP-over-IPsec.

View Answer