Q1. - (Topic 15)
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit below.
Which statements are correct regarding this output? (Choose two.)
A. The connecting client has been allocated address 172.20.1.1.
B. In the Phase 1 settings, dead peer detection is enabled.
C. The tunnel is idle.
D. The connecting client has been allocated address 10.200.3.1.
Answer: A,B
Q2. - (Topic 7)
Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.)
A. Manual update by downloading the signatures from the support site.
B. Pull updates from the FortiGate.
C. Push updates from a FortiAnalyzer.
D. execute fortiguard-AV-AS command from the CLI.
Answer: A,B
Q3. - (Topic 20)
In which process states is it impossible to interrupt/kill a process? (Choose two.)
A. S – Sleep
B. R – Running
C. D – Uninterruptable Sleep
D. Z – Zombie
Answer: C,D
Q4. - (Topic 14)
Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device.
Exhibit A:
Exhibit B
Which one of the following is the most likely reason that the cluster fails to form?
A. Password
B. HA mode
C. Hearbeat
D. Override
Answer: B
Q5. - (Topic 7)
Which statement is correct regarding virus scanning on a FortiGate unit?
A. Virus scanning is enabled by default.
B. Fortinet customer support enables virus scanning remotely for you.
C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.
D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate.
Answer: C
Q6. - (Topic 13)
Examine the following spanning tree configuration on a FortiGate in transparent mode:
config system interface
edit <interface name>
set stp-forward enable
end
Which statement is correct for the above configuration?
A. The FortiGate participates in spanning tree.
B. The FortiGate device forwards received spanning tree messages.
C. Ethernet layer-2 loops are likely to occur.
D. The FortiGate generates spanning tree BPDU frames.
Answer: B
Q7. - (Topic 11)
Examine the exhibit; then answer the question below.
The Vancouver FortiGate initially had the following information in its routing table: S 172.20.0.0/16 [10/0] via 172.21.1.2, port2
C 172.21.0.0/16 is directly connected, port2 C 172.11.11.0/24 is directly connected, port1 Afterwards, the following static route was added: config router static edit 6 set dst 172.20.1.0 255.255.255.0 set pririoty 0 set device port1 set gateway 172.11.12.1 next end Since this change, the new static route is NOT showing up in the routing table. Given the
information provided, which of the following describes the cause of this problem?
A. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.
B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1.
C. The priority is 0, which means that the route will remain inactive.
D. The static route configuration is missing the distance setting.
Answer: B
Q8. - (Topic 12)
A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM.
What would be a possible cause for this problem?
A. The administrator does not have the proper permissions to reassign the dmz interface.
B. The dmz interface is referenced in the configuration of another VDOM.
C. Non-management VDOMs cannot reference physical interfaces.
D. The dmz interface is in PPPoE or DHCP mode.
Answer: B
Q9. - (Topic 13)
In transparent mode, forward-domain is an CLI setting associate with ______________.
A. a static route.
B. a firewall policy.
C. an interface.
D. a virtual domain.
Answer: C
Q10. - (Topic 5)
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
A. The remote user's virtual IP address.
B. The FortiGate unit's internal IP address.
C. The remote user's public IP address.
D. The FortiGate unit's external IP address.
Answer: B