Q1. When does a RADIUS server send anAccess-Challengepacket? 

A. The server does not have the user credentials yet. 

B. The server requires more information from the user,such as the token code for two-factor authentication. 

C. The user credentials are wrong. 

D. The user account is not found in the server. 

View Answer

Q2. Examine the following partial output from two system debug commands; then answer the question below. 

Which of the following statements are true regarding the aboveoutputs? (Choose two.) 

A. The unit is running a 32-bit FortiOS 

B. The unit is in kernel conserve mode 

C. The Cached value is always the Active value plus the Inactive value 

D. Kernel indirectly accesses the low memory (LowTotal) through memory paging 

View Answer

Q3. Examine the following partial output from two system debug commands; then answer the question below. 

Which of the following statements are true regarding the aboveoutputs? (Choose two.) 

A. The unit is running a 32-bit FortiOS 

B. The unit is in kernel conserve mode 

C. The Cached value is always the Active value plus the Inactive value 

D. Kernel indirectly accesses the low memory (LowTotal) through memory paging 

View Answer

Q4. Examine the following partial output from two system debug commands; then answer the question below. 

Which of the following statements are true regarding the aboveoutputs? (Choose two.) 

A. The unit is running a 32-bit FortiOS 

B. The unit is in kernel conserve mode 

C. The Cached value is always the Active value plus the Inactive value 

D. Kernel indirectly accesses the low memory (LowTotal) through memory paging 

View Answer

Q5. Examine the IPsec configuration shown in the exhibit; then answer the question below. 

An administrator wants to monitor the VPN byenable the IKE real time debug using these commands: 

diagnose vpn ike log-filter src-addr4 10.0.10.1 diagnose debug application ike -1 diagnose debug enable 

The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both Ipsec gateways. However, the IKE rea time debug does NOT show any output. Why isn't there any output? 

A. The IKE real time debug shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up. 

B. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter. 

C. The IKF real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnosedebug application ipsec -1 

D. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally. 

View Answer

Q6. Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; then answer the question below. 

Which statement is true regarding the session in the exhibit? 

A. it was created by the FortiGate kernel to allow push updates from FortiGuard. 

B. it is for management traffic terminating at the FortiGate. 

C. it is for traffic originated from the FortiGate. 

D. it was created by a session helper or ALG. 

View Answer

Q7. Examine the partial output from the IKE realtime debugshown in the exhibit; then answer the question below. 

Why didn't the tunnel come up? 

A. IKE mode configuration is not enabled in the remote IPsec gateway. 

B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2configuration. 

C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration. 

D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode. 

View Answer