Q1. - (Topic 15) 

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit below. 

Which statements are correct regarding this output? (Choose two.) 

A. The connecting client has been allocated address 172.20.1.1. 

B. In the Phase 1 settings, dead peer detection is enabled. 

C. The tunnel is idle. 

D. The connecting client has been allocated address 10.200.3.1. 

View Answer

Q2. - (Topic 7) 

Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.) 

A. Manual update by downloading the signatures from the support site. 

B. Pull updates from the FortiGate. 

C. Push updates from a FortiAnalyzer. 

D. execute fortiguard-AV-AS command from the CLI. 

View Answer

Q3. - (Topic 20) 

In which process states is it impossible to interrupt/kill a process? (Choose two.) 

A. S – Sleep 

B. R – Running 

C. D – Uninterruptable Sleep 

D. Z – Zombie 

View Answer

Q4. - (Topic 14) 

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device. 

Exhibit A: 

Exhibit B 

Which one of the following is the most likely reason that the cluster fails to form? 

A. Password 

B. HA mode 

C. Hearbeat 

D. Override 

View Answer

Q5. - (Topic 7) 

Which statement is correct regarding virus scanning on a FortiGate unit? 

A. Virus scanning is enabled by default. 

B. Fortinet customer support enables virus scanning remotely for you. 

C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy. 

D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate. 

View Answer

Q6. - (Topic 13) 

Examine the following spanning tree configuration on a FortiGate in transparent mode: 

config system interface 

edit <interface name> 

set stp-forward enable 

end 

Which statement is correct for the above configuration? 

A. The FortiGate participates in spanning tree. 

B. The FortiGate device forwards received spanning tree messages. 

C. Ethernet layer-2 loops are likely to occur. 

D. The FortiGate generates spanning tree BPDU frames. 

View Answer

Q7. - (Topic 11) 

Examine the exhibit; then answer the question below. 

The Vancouver FortiGate initially had the following information in its routing table: S 172.20.0.0/16 [10/0] via 172.21.1.2, port2 

C 172.21.0.0/16 is directly connected, port2 C 172.11.11.0/24 is directly connected, port1 Afterwards, the following static route was added: config router static edit 6 set dst 172.20.1.0 255.255.255.0 set pririoty 0 set device port1 set gateway 172.11.12.1 next end Since this change, the new static route is NOT showing up in the routing table. Given the 

information provided, which of the following describes the cause of this problem? 

A. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first. 

B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1. 

C. The priority is 0, which means that the route will remain inactive. 

D. The static route configuration is missing the distance setting. 

View Answer

Q8. - (Topic 12) 

A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM. 

What would be a possible cause for this problem? 

A. The administrator does not have the proper permissions to reassign the dmz interface. 

B. The dmz interface is referenced in the configuration of another VDOM. 

C. Non-management VDOMs cannot reference physical interfaces. 

D. The dmz interface is in PPPoE or DHCP mode. 

View Answer

Q9. - (Topic 13) 

In transparent mode, forward-domain is an CLI setting associate with ______________. 

A. a static route. 

B. a firewall policy. 

C. an interface. 

D. a virtual domain. 

View Answer

Q10. - (Topic 5) 

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? 

A. The remote user's virtual IP address. 

B. The FortiGate unit's internal IP address. 

C. The remote user's public IP address. 

D. The FortiGate unit's external IP address. 

View Answer