Q1. - (Topic 6) 

An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. 

Which three configuration steps must be performed on both units to support this scenario? (Choose three.) 

A. Create firewall policies to allow and control traffic between the source and destination IP addresses. 

B. Configure the appropriate user groups to allow users access to the tunnel. 

C. Set the operating mode to IPsec VPN mode. 

D. Define the phase 2 parameters. 

E. Define the Phase 1 parameters. 

View Answer

Q2. - (Topic 22) 

Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.) 

A. Both proxy-based and flow-based inspection are supported. 

B. A replacement message cannot be presented to users when a virus has been detected. 

C. It saves CPU resources. 

D. The ingress and egress interfaces can be in different SPs. 

View Answer

Q3. - (Topic 7) 

A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. 

Which are two reasons for this problem? (Choose two.) 

A. The FortiGate is connected to multiple ISPs. 

B. There is a NAT device between the FortiGate and the FortiGuard Distribution Network. 

C. The FortiGate is in Transparent mode. 

D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server. 

View Answer

Q4. - (Topic 20) 

In which process states is it impossible to interrupt/kill a process? (Choose two.) 

A. S – Sleep 

B. R – Running 

C. D – Uninterruptable Sleep 

D. Z – Zombie 

View Answer

Q5. - (Topic 14) 

An administrator has formed a high availability cluster involving two FortiGate units. 

[ Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ] 

The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster. 

Which of the following options describes the best step the administrator can take? 

The administrator should _____________________. 

A. Increase the number of FortiGate units in the cluster and configure HA in active-active mode. 

B. Enable monitoring of all active interfaces. 

C. Set up a full-mesh design which uses redundant interfaces. 

D. Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted. 

View Answer

Q6. - (Topic 1) 

How is the FortiGate password recovery process? 

A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. 

B. Log in through the console port using the “maintainer” account within several seconds of physically power cycling the FortiGate. 

C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. 

D. Interrupt the boot sequence and restore a configuration file for which the password has 

been modified. 

View Answer

Q7. - (Topic 13) 

Which statements correctly describe transparent mode operation? (Choose three.) 

A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2. 

B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses. 

C. The transparent FortiGate is clearly visible to network hosts in an IP trace route. 

D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network. 

E. All interfaces of the transparent mode FortiGate device must be on different IP subnets. 

View Answer

Q8. - (Topic 6) 

Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?. 

A. Policy-based only. 

B. Route-based only. 

C. Either policy-based or route-based VPN. 

D. GRE-based only. 

View Answer

Q9. - (Topic 15) 

Which statement is an advantage of using a hub and spoke IPsec VPN configuration 

instead of a fully-meshed set of IPsec tunnels? 

A. Using a hub and spoke topology provides full redundancy. 

B. Using a hub and spoke topology requires fewer tunnels. 

C. Using a hub and spoke topology uses stronger encryption protocols. 

D. Using a hub and spoke topology requires more routes. 

View Answer

Q10. - (Topic 22) 

Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.) 

A. Fragmented packet. 

B. Multicast packet. 

C. SCTP packet. 

D. GRE packet. 

View Answer