Q1. - (Topic 1) 

In order to match an identity-based policy, the FortiGate unit checks the IP information. Once inside the policy, the following logic is followed: 

A. First, a check is performed to determine if the user’s login credentials are valid. Next, the user is checked to determine if they belong to any of the groups defined for that policy. Finally, user restrictions are determined and port, time, and UTM profiles are applied. 

B. First, user restrictions are determined and port, time, and UTM profiles are applied. Next, a check is performed to determine if the user’s login credentials are valid. Finally, the user is checked to determine if they belong to any of the groups defined for that policy. 

C. First, the user is checked to determine if they belong to any of the groups defined for that policy. Next, user restrictions are determined and port, time, and UTM profiles are applied. Finally, a check is performed to determine if the user’s login credentials are valid. 

View Answer

Q2. - (Topic 3) 

A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM. 

What would be a possible cause for this problem? 

A. The dmz interface is referenced in the configuration of another VDOM. 

B. The administrator does not have the proper permissions to reassign the dmz interface. 

C. Non-management VDOMs can not reference physical interfaces. 

D. The dmz interface is in PPPoE or DHCP mode. 

E. Reassigning an interface to a different VDOM can only be done through the CLI. 

View Answer

Q3. - (Topic 3) 

If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Open Shortest Path First (OSPF)? 

A. The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors. 

B. The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors. 

C. At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options. 

D. The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings. 

E. At a minimum, the network administrator needs to enable Redistribute Default in the OSPF Advanced Options. 

View Answer

Q4. - (Topic 1) 

A FortiGate unit can scan for viruses on which types of network traffic? (Select all that apply.) 

A. POP3 

B. FTP 

C. SMTP 

D. SNMP 

E. NetBios 

View Answer

Q5. - (Topic 2) 

In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate unit when searching for a suitable gateway? 

A. A look-up is done only when the first packet coming from the client (SYN) arrives. 

B. A look-up is done when the first packet coming from the client (SYN) arrives, and a second is performed when the first packet coming from the server (SYNC/ACK) arrives. 

C. A look-up is done only during the TCP 3-way handshake (SYNC, SYNC/ACK, ACK). 

D. A look-up is always done each time a packet arrives, from either the server or the client side. 

View Answer

Q6. - (Topic 1) 

Which of the following items represent the minimum configuration steps an administrator must perform to enable Data Leak Prevention for traffic flowing through the FortiGate unit? (Select all that apply.) 

A. Assign a DLP sensor in a firewall policy. 

B. Apply one or more DLP rules to a firewall policy. 

C. Enable DLP globally using the config sys dlp command in the CLI. 

D. Define one or more DLP rules. 

E. Define a DLP sensor. 

F. Apply a DLP sensor to a DoS sensor policy. 

View Answer

Q7. - (Topic 3) 

Which of the following represents the method used on a FortiGate unit running FortiOS version 4.2 to apply traffic shaping to P2P traffic, such as BitTorrent? 

A. Apply a Traffic Shaper to a BitTorrent entry in an Application Control List. 

B. Enable the Shape option in a Firewall policy with a Service set to BitTorrent. 

C. Define a DLP Rule to match against BitTorrent traffic and include the rule in a DLP Sensor with Traffic Shaping enabled. 

D. Specify the amount of Rate Limiting to be applied to BitTorrent traffic through the P2P settings of the Firewall Policy Protocol Options. 

View Answer

Q8. - (Topic 1) 

Which of the following pieces of information can be included in the Destination Address field of a firewall policy? (Select all that apply.) 

A. An IP address pool. 

B. A virtual IP address. 

C. An actual IP address or an IP address group. 

D. An FQDN or Geographic value(s). 

View Answer

Q9. - (Topic 3) 

Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit? 

A. Antivirus scanning provides end-to-end virus protection for client workstations. 

B. Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols. 

C. Antivirus scanning supports banned word checking. 

D. Antivirus scanning supports grayware protection. 

View Answer

Q10. - (Topic 3) 

In which of the following report templates would you configure the charts to be included in the report? 

A. Layout Template 

B. Data Filter Template 

C. Output Template 

D. Schedule Template 

View Answer