aiotestking uk

NSE7 Exam Questions - Online Test



Q1. An administrator added the following IPsec VPN to a FortiGate configuration:

config vpn ipsec phase1-interface
    edit "RemoteSite"
        set type dynamic
        set interface "port1"
        set mode main
        set psksecret ENC LCVkCiK2E2PhVUzZe
    next
end

config vpn ipsec phase2-interface
    edit "RemoteSite"
        set phase1name "RemoteSite"
        set proposal 3des-sha256
    next
end

However, the phase 1 negotiation is failing. The administrator ran the IKE real-time debug while attempting the IPsec connection. The output is shown in the exhibit.

What is causing the IPsec problem in phase 1?

A. The incoming IPsec connection is matching the wrong VPN configuration 

B. The phase-1 mode must be changed to aggressive

C. The pre-shared key is wrong 

D. NAT-T settings do not match 

Answer:

Q2. A FortiGate device has the following LDAP configuration: 

Based on the output, what FortiGate LDAP setting is configured incorrectly? 

A. cnid. 

B. username. 

C. password. 

D. dn. 

Answer:

Q3. Examine the partial output from the IKE real-time debug shown in the exhibit; then answer the question below.

Why didn't the tunnel come up? 

A. IKE mode configuration is not enabled in the remote IPsec gateway. 

B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.

C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration. 

D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode. 

Answer:

Q4. When does a RADIUS server send an Access-Challenge packet?

A. The server does not have the user credentials yet. 

B. The server requires more information from the user, such as the token code for two-factor authentication.

C. The user credentials are wrong. 

D. The user account is not found in the server. 

Answer:

Q5. Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; then answer the question below. 

Which statement is true regarding the session in the exhibit? 

A. It was created by the FortiGate kernel to allow push updates from FortiGuard.

B. It is for management traffic terminating at the FortiGate.

C. It is for traffic originated from the FortiGate.

D. It was created by a session helper or ALG.

Answer:

Q6. What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.) 

A. Reduce the session time to live. 

B. Increase the TCP session timers. 

C. Increase the FortiGuard cache time to live. 

D. Reduce the maximum file size to inspect. 

Answer: A,D

Q7. An LDAP user cannot authenticate against a FortiGate device. Examine the real-time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.

Based on the output in the exhibit, what can cause this authentication problem? 

A. User student is not found in the LDAP server. 

B. User student is using a wrong password. 

C. The FortiGate has been configured with the wrong password for the LDAP administrator.

D. The FortiGate has been configured with the wrong authentication schema. 

Answer:

Q8. An administrator has enabled HA session synchronization in an HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?

A. redir 

B. dirty 

C. synced 

D. nds 

Answer:

Q9. Examine the following partial outputs from two routing debug commands; then answer the question below. 

# get router info routing-table database 

S    0.0.0.0/0 [20/0] via 10.200.2.254, port2, [10/0]
S *> 0.0.0.0/0 [10/0] via 10.200.1.254, port1

# get router info routing-table all 

S*   0.0.0.0/0 [10/0] via 10.200.1.254, port1

Why is the default route using port2 not displayed in the output of the second command?

A. It has a lower priority than the default route using port1.

B. It has a higher priority than the default route using port1.

C. It has a higher distance than the default route using port1.

D. It is disabled in the FortiGate configuration.

Answer:

Q10. Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; then answer the question below. 

Which statement is true regarding the session in the exhibit? 

A. It was created by the FortiGate kernel to allow push updates from FortiGuard.

B. It is for management traffic terminating at the FortiGate.

C. It is for traffic originated from the FortiGate.

D. It was created by a session helper or ALG.

Answer: