Q1. - (Topic 1) 

An end user logs into the SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has not enabled split tunneling and so the end user must access the Internet through the SSL VPN Tunnel. 

Which firewall policies are needed to allow the end user to not only access the internal network but also reach the Internet? 

A) 

B) 

C) 

D) 

A. Exhibit A 

B. Exhibit B 

C. Exhibit C 

D. Exhibit D 

View Answer

Q2. - (Topic 1) 

When firewall policy authentication is enabled, only traffic on supported protocols will trigger an authentication challenge. 

Select all supported protocols from the following: 

A. SMTP 

B. SSH 

C. HTTP 

D. FTP 

E. SCP 

View Answer

Q3. - (Topic 3) 

A static route is configured for a FortiGate unit from the CLI using the following commands: 

config router static 

edit 1 

set device "wan1" 

set distance 20 

set gateway 192.168.100.1 

next 

end 

Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit’s routing table? 

A. The Administrative Status of the wan1 interface is displayed as Up. 

B. The Link Status of the wan1 interface is displayed as Up. 

C. All other default routes should have an equal or higher distance. 

D. You must disable DHCP client on that interface. 

View Answer

Q4. - (Topic 1) 

Examine the firewall configuration shown below; then answer the question following it. 

Which of the following statements are correct based on the firewall configuration illustrated in the exhibit? (Select all that apply.) 

A. A user can access the Internet using only the protocols that are supported by user authentication. 

B. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. These require authentication before the user will be allowed access. 

C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services. 

D. A user cannot access the Internet using any protocols unless the user has passed firewall authentication. 

View Answer

Q5. - (Topic 1) 

Which email filter is NOT available on a FortiGate device? 

A. Sender IP reputation database. 

B. URLs included in the body of known SPAM messages. 

C. Email addresses included in the body of known SPAM messages. 

D. Spam object checksums. 

E. Spam grey listing. 

View Answer

Q6. - (Topic 3) 

When configuring a server load balanced virtual IP, which of the following is the best distribution algorithm to be used in applications where the same physical destination server must be maintained between sessions? 

A. Static 

B. Round robin 

C. Weighted round robin 

D. Least connected 

View Answer

Q7. - (Topic 1) 

Which of the following statements are correct regarding URL filtering on the FortiGate unit? (Select all that apply.) 

A. The allowed actions for URL Filtering include Allow, Block and Exempt. 

B. The allowed actions for URL Filtering are Allow and Block. 

C. The FortiGate unit can filter URLs based on patterns using text and regular expressions. 

D. Any URL accessible by a web browser can be blocked using URL Filtering. 

E. Multiple URL Filter lists can be added to a single protection profile. 

View Answer

Q8. - (Topic 2) 

Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below. 

Which of the following statements are correct regarding this output? (Select all that apply.) 

A. The connecting client has been allocated address 172.20.1.1. 

B. In the Phase 1 settings, dead peer detection is enabled. 

C. The tunnel is idle. 

D. The connecting client has been allocated address 10.200.3.1. 

View Answer

Q9. - (Topic 3) 

Which of the following describes the best custom signature for detecting the use of the word "Fortinet" in chat applications? 

A. The sample packet trace illustrated in the exhibit provides details on the packet that requires detection. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --no_case; ) 

B. F-SBID( --protocol tcp; --flow from_client; --pattern "fortinet"; --no_case; ) 

C. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --within 20; --no_case; ) 

D. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --within 20; ) 

View Answer

Q10. - (Topic 1) 

Which of the following statements are true regarding Local User Authentication? (Select all that apply.) 

A. Local user authentication is based on usernames and passwords stored locally on the FortiGate unit. 

B. Two-factor authentication can be enabled on a per user basis. 

C. Administrators can create an account for the user locally and specify the remote server to verify the password. 

D. Local users are for administration accounts only and cannot be used for identity policies. 

View Answer