Q1. - (Topic 1) 

Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function. How are UTM features applied to traffic? 

A. One or more UTM features are enabled in a firewall policy. 

B. In the system configuration for that UTM feature, you can identify the policies to which the feature is to be applied. 

C. Enable the appropriate UTM objects and identify one of them as the default. 

D. For each UTM object, identify which policy will use it. 

View Answer

Q2. - (Topic 2) 

Review the output of the command get router info routing-table database shown in the Exhibit below; then answer the question following it. 

Which of the following statements are correct regarding this output? (Select all that apply). 

A. There will be six routes in the routing table. 

B. There will be seven routes in the routing table. 

C. There will be two default routes in the routing table. 

D. There will be two routes for the 10.0.2.0/24 subnet in the routing table. 

View Answer

Q3. - (Topic 1) 

If a FortiGate unit has a dmz interface IP address of 210.192.168.2 with a subnet mask of 255.255.255.0, what is a valid dmz DHCP addressing range? 

A. 172.168.0.1 - 172.168.0.10 

B. 210.192.168.3 - 210.192.168.10 

C. 210.192.168.1 - 210.192.168.4 

D. All of the above. 

View Answer

Q4. - (Topic 3) 

A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office. 

The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers. 

What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office? 

A. Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces. 

B. Use two or more policy-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces. 

C. Use route-based VPNs on the central office FortiGate unit to advertise routes with a dynamic routing protocol and use a policy-based VPN on the remote office with two or more static default routes. 

D. Dynamic routing protocols cannot be used over IPSec VPN tunnels. 

View Answer

Q5. - (Topic 1) 

How is traffic routed onto an SSL VPN tunnel from the FortiGate unit side? 

A. A static route must be configured by the administrator using the ssl.root interface as the outgoing interface. 

B. Assignment of an IP address to the client causes a host route to be added to the FortiGate unit’s kernel routing table. 

C. A route back to the SSLVPN IP pool is automatically created on the FortiGate unit. 

D. The FortiGate unit adds a route based upon the destination address in the SSL VPN firewall policy. 

View Answer

Q6. - (Topic 2) 

Select the answer that describes what the CLI command diag debug authd fsso list is used for. 

A. Monitors communications between the FSSO Collector Agent and FortiGate unit. 

B. Displays which users are currently logged on using FSSO. 

C. Displays a listing of all connected FSSO Collector Agents. 

D. Lists all DC Agents installed on all Domain Controllers. 

View Answer

Q7. - (Topic 1) 

Which of the following statements best describes the green status indicators that appear next to different FortiGuard Distribution Network services as illustrated in the exhibit? 

A. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network. 

B. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network. 

C. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit. 

D. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network. 

View Answer

Q8. - (Topic 1) 

Encrypted backup files provide which of the following benefits? (Select all that apply.) 

A. Integrity of the backup file is protected since it cannot be easily modified when encrypted. 

B. Prevents the backup file from becoming corrupted. 

C. Protects details of the device's configuration settings from being discovered while the backup file is in transit. For example, transferred to a data centers for system recovery. 

D. A copy of the encrypted backup file is automatically pushed to the FortiGuard Distribution Service (FDS) for disaster recovery purposes. If the backup file becomes corrupt it can be retrieved through FDS. 

E. Fortinet Technical Support can recover forgotten passwords with a backdoor passphrase. 

View Answer

Q9. - (Topic 1) 

What is the FortiGate unit password recovery process? 

A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. 

B. Log in through the console port using the “maintainer” account within approximately 30 seconds of a reboot. 

C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. 

D. The only way to regain access is to interrupt the boot sequence and restore a configuration file for which the password has been modified. 

View Answer

Q10. - (Topic 1) 

SSL content inspection is enabled on the FortiGate unit. Which of the following steps is required to prevent a user from being presented with a web browser warning when accessing an SSL-encrypted website? 

A. The root certificate of the FortiGate SSL proxy must be imported into the local certificate store on the user's workstation. 

B. Disable the strict server certificate check in the web browser under Internet Options. 

C. Enable transparent proxy mode on the FortiGate unit. 

D. Enable NTLM authentication on the FortiGate unit. NTLM authentication suppresses the certificate warning messages in the web browser. 

View Answer