Q1. - (Topic 2) 

Identify the correct properties of a partial mesh VPN deployment: 

A. VPN tunnels interconnect between every single location. 

B. VPN tunnels are not configured between every single location. 

C. Some locations are reached via a hub location. 

D. There are no hub locations in a partial mesh. 

View Answer

Q2. - (Topic 1) 

A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices? 

A. SSL 

B. IPSec 

C. direct serial connection 

D. S/MIME 

View Answer

Q3. CORRECT TEXT - (Topic 1) 

The __________CLI command is used on the FortiGate unit to run static commands such as ping or to reset the FortiGate unit to factory defaults. 

View Answer

Q4. - (Topic 2) 

In HA, what is the effect of the Disconnect Cluster Member command as given in the Exhibit. 

A. The HA mode changes to standalone. 

B. Port3 is configured with an IP address for management access. 

C. The Firewall rules are purged on the disconnected unit. 

D. All other interface IP settings are maintained. 

View Answer

Q5. - (Topic 3) 

An administrator is examining the attack logs and notices the following entry: 

type=ips subtype=signature pri=alert vd=root serial=1995 attack_id=103022611 src=69.45.64.22 dst=192.168.1.100 src_port=80 dst_port=4887 src_int=wlan dst_int=internal status=detected proto=6 service=4887/tcp user=N/A group=N/A msg=web_client: IE.IFRAME.BufferOverflow.B 

Based on the information displayed in this entry, which of the following statements are correct? (Select all that apply.) 

A. This is an HTTP server attack. 

B. The attack was detected and blocked by the FortiGate unit. 

C. The attack was against a FortiGate unit at the 192.168.1.100 IP address. 

D. The attack was detected and passed by the FortiGate unit. 

View Answer

Q6. - (Topic 3) 

An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement? 

A. Apply an application control list which contains a rule for SIP and has the "Limit INVITE Request" option configured. 

B. Enable Traffic Shaping for the appropriate SIP firewall policy. 

C. Reduce the session time-to-live value for the SIP protocol by running the configure system session-ttl CLI command. 

D. Run the set udp-idle-timer CLI command and set a lower time value. 

View Answer

Q7. - (Topic 1) 

Which of the following statements regarding Banned Words are correct? (Select all that apply.) 

A. The FortiGate unit can scan web pages and email messages for instances of banned words. 

B. When creating a banned word list, an administrator can indicate either specific words or patterns. 

C. Banned words can be expressed as wildcards or regular expressions. 

D. Content is automatically blocked if a single instance of a banned word appears. 

E. The FortiGate unit includes a pre-defined library of common banned words. 

View Answer

Q8. - (Topic 1) 

An end user logs into the full-access SSL VPN portal and selects the Tunnel Mode option by clicking on the “Connect” button. The administrator has enabled split tunneling. 

Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client’s routing table. 

A. A route to destination matching the ‘WIN2K3’ address object. 

B. A route to the destination matching the ‘all’ address object. 

C. A default route. 

D. No route is added. 

View Answer

Q9. - (Topic 3) 

Which of the following DLP actions will override any other action? 

A. Exempt 

B. Quarantine Interface 

C. Block 

D. None 

View Answer

Q10. - (Topic 2) 

Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. 

Exhibit A shows the command output of 'diag sys session stat' for the STUDENT device. 

Exhibit B shows the command output of 'diag sys session stat' for the REMOTE device. 

Exhibit A: 

Exhibit B: 

Given the information provided in the exhibits, which of the following statements are correct? (Select all that apply.) 

A. STUDENT is likely to be the master device. 

B. Session-pickup is likely to be enabled. 

C. The cluster mode is definitely Active-Passive. 

D. There is not enough information to determine the cluster mode. 

View Answer