Q1. - (Topic 1) 

Caching improves performance by reducing FortiGate unit requests to the FortiGuard server. 

Which of the following statements are correct regarding the caching of FortiGuard responses? (Select all that apply.) 

A. Caching is available for web filtering, antispam, and IPS requests. 

B. The cache uses a small portion of the FortiGate system memory. 

C. When the cache is full, the least recently used IP address or URL is deleted from the cache. 

D. An administrator can configure the number of seconds to store information in the cache before the FortiGate unit contacts the FortiGuard server again. 

E. The size of the cache will increase to accomodate any number of cached queries. 

View Answer

Q2. - (Topic 3) 

WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel? 

A. The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule. 

B. The attempt will be accepted when there is a matching WAN optimization passive rule. 

C. The attempt will be accepted when the request comes from a known peer. 

D. The attempt will be accepted when a user on the remote peer accepts the connection request. 

View Answer

Q3. - (Topic 1) 

Which of the following items is NOT a packet characteristic matched by a firewall service object? 

A. ICMP type and code 

B. TCP/UDP source and destination ports 

C. IP protocol number 

D. TCP sequence number 

View Answer

Q4. - (Topic 1) 

Alert emails enable the FortiGate unit to send email notifications to an email address upon detection of a pre-defined event type. Which of the following are some of the available event types in Web Config? (Select all that apply.) 

A. Intrusion detected. 

B. Successful firewall authentication. 

C. Oversized file detected. 

D. DHCP address assigned. 

E. FortiGuard Web Filtering rating error detected. 

View Answer

Q5. - (Topic 1) 

The FortiGate unit’s GUI provides a link to update the firmware. 

Clicking this link will perform which of the following actions? 

A. It will connect to the Fortinet Support site where the appropriate firmware version can be selected. 

B. It will send a request to the FortiGuard Distribution Network so that the appropriate firmware version can be pushed down to the FortiGate unit. 

C. It will present a prompt to allow browsing to the location of the firmware file. 

D. It will automatically connect to the Fortinet Support site to download the most recent firmware version for the FortiGate unit. 

View Answer

Q6. - (Topic 3) 

Which of the following statements is correct regarding the NAC Quarantine feature? 

A. With NAC quarantine, files can be quarantined not only as a result of antivirus scanning, but also for other forms of content inspection such as IPS and DLP. 

B. NAC quarantine does a client check on workstations before they are permitted to have administrative access to FortiGate. 

C. NAC quarantine allows administrators to isolate clients whose network activity poses a security risk. 

D. If you chose the quarantine action, you must decide whether the quarantine type is NAC quarantine or File quarantine. 

View Answer

Q7. - (Topic 1) 

Which of the following Fortinet products can receive updates from the FortiGuard Distribution Network? (Select all that apply.) 

A. FortiGate 

B. FortiClient 

C. FortiMail 

D. FortiAnalyzer 

View Answer

Q8. - (Topic 1) 

The default administrator profile that is assigned to the default "admin" user on a FortGate device is:____________________. 

A. trusted-admin 

B. super_admin 

C. super_user 

D. admin 

E. fortinet-root 

View Answer

Q9. - (Topic 2) 

Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit. 

Which of the following statements is correct regarding this output? (Select one answer). 

A. One tunnel is rekeying 

B. Two tunnels are rekeying 

C. Two tunnels are up 

D. One tunnel is up 

View Answer

Q10. - (Topic 3) 

Which spam filter is not available on a FortiGate device? 

A. Sender IP reputation database 

B. URLs included in the body of known SPAM messages. 

C. Email addresses included in the body of known SPAM messages. 

D. Spam object checksums 

E. Spam grey listing 

View Answer