Mi_Test_EFW_7_03
Test title: Mi_Test_EFW_7_03. Description: Practice test.




101. An administrator is running the following sniffer in a FortiGate: `diagnose sniffer packet any "host 10.0.2.10" 2` What information is included in the output of the sniffer? (Choose two.)
- Ethernet headers.
- IP payload.
- IP headers.
- Port names.

102. An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created an inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs for the OSPF adjacency to form successfully? (Choose three.)
- Router ID.
- OSPF interface area.
- OSPF interface cost.
- OSPF interface MTU.
- Interface subnet mask.

103. View the exhibit, which contains the output of a BGP debug command, and then answer the question below. Which of the following statements about the exhibit are true? (Choose two.)
- For the peer 10.125.0.60, the BGP state is Established.
- The local BGP peer has received a total of three BGP prefixes.
- Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.
- The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

104. Refer to the exhibit, which shows a session entry. Which statement about this session is true?
- It is an ICMP session from 10.1.10.10 to 10.200.5.1.
- It is a TCP session in close_wait state, from 10.1.10.10 to 10.200.1.1.
- It is an ICMP session from 10.1.10.10 to 10.200.1.1.
- It is a TCP session in the established state, from 10.1.10.10 to 10.200.5.1.

105. Which two statements about conserve mode are true? (Choose two.)
- FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.
- FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.
- FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.
- FortiGate exits conserve mode when the system memory goes below the configured green threshold.

106. Refer to the exhibit, which shows the output of a debug command. What can be concluded from the debug command output?
- The OSPF router with the ID 0.0.0.69 has its OSPF priority set to 0.
- The local FortiGate has a different MTU value from the OSPF router with ID 0.0.0.2, based on the state information.
- There are more than two OSPF routers on the wan2 network.
- The interface ToRemote is a broadcast OSPF network.

107. Which two conditions must be met for a static route to be active in the routing table? (Choose two.)
- The link health monitor (if configured) is up.
- There is no other route, to the same destination, with a higher distance.
- The outgoing interface is up.
- The next-hop IP address is up.

108. Which of the following statements are correct regarding application layer test commands? (Choose two.)
- They are used to filter real-time debugs.
- They display real-time application debugs.
- Some of them display statistics and configuration information about a feature or process.
- Some of them can be used to restart an application.

109. Examine the output of the `diagnose sys session list expectation` command shown in the exhibit; then answer the question below. Which statement is true regarding the session in the exhibit?
- It was created by the FortiGate kernel to allow push updates from FortiGuard.
- It is for management traffic terminating at the FortiGate.
- It is for traffic originated from the FortiGate.
- It was created by a session helper or ALG.

110. Examine the partial output from two web filter debug commands; then answer the question below. Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?
- Finance and banking.
- General organization.
- Business.
- Information technology.

111. How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)
- When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.
- When run on the Device Database, changes are applied directly to the managed FortiGate device.
- When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
- When run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device.

112. Which two statements about OCVPN are true? (Choose two.)
- Only root VDOM supports OCVPN.
- OCVPN supports static and dynamic IPs in WAN interface.
- OCVPN offers only Hub-Spoke VPNs.
- FortiGate devices under different FortiCare accounts can be used to form OCVPN.

113. Examine the output of the `get router info bgp summary` command shown in the exhibit; then answer the question below. Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?
- The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.
- The TCP session for the BGP connection to 10.200.3.1 is down.
- The local peer has received the BGP prefixes from the remote peer.
- The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

114. Refer to the exhibit, which shows a partial routing table. Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)
- Source IP address: 10.1.0.10, Destination IP address: 10.64.1.52.
- Source IP address: 10.72.3.52, Destination IP address: 10.1.0.254.
- Source IP address: 10.10.4.24, Destination IP address: 10.72.3.20.
- Source IP address: 10.73.9.10, Destination IP address: 10.72.3.15.

115. A FortiGate device has the following LDAP configuration: The administrator executed the `dsquery` command in the Windows LDAP server 10.0.1.10, and got the following output: `>dsquery user -samid administrator "CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"` Based on the output, what FortiGate LDAP setting is configured incorrectly?
- cnid.
- username.
- password.
- dn.

116. An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?
- `diagnose sniffer packet any 'ah'`
- `diagnose sniffer packet any 'ip proto 50'`
- `diagnose sniffer packet any 'udp port 4500'`
- `diagnose sniffer packet any 'udp port 500'`

117. View the exhibit, which contains the output of `diagnose sys session list`, and then answer the question below. If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?
- This session is for HA heartbeat traffic.
- This session is synced with the slave unit.
- The inspection of this session has been offloaded to the slave unit.
- This session cannot be synced with the slave unit.

118. Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels?
- Set protected network to all.
- Enable AD-VPN in IPsec phase 1.
- Configure IP addresses on IPsec virtual interfaces.
- Disable add-route on hub.

119. Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?
- FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.
- FortiGate limits the total number of simultaneous explicit web proxy users.
- FortiGate limits the number of simultaneous sessions per explicit web proxy user. The limit CAN be modified by the administrator.
- FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

120. Refer to the exhibit, which shows the output of `get system ha status`. NGFW-1 and NGFW-2 have been up for a week. Which two statements about the output are true? (Choose two.)
- If FGVM...649 is rebooted, FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.
- If no action is taken, the primary FortiGate will leave the cluster due to the current sync status.
- If port7 becomes disconnected on the secondary, both FortiGate devices will elect themselves the primary.
- If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

121. Refer to the exhibit, which contains a CLI script configuration on FortiManager. An administrator configured the CLI script on FortiManager, but the script failed to apply any changes to the managed device after being executed. What are two reasons why the script did not make any changes to the managed device? (Choose two.)
- Static routes can be added using only TCL scripts.
- The commands that start with the # sign did not run.
- CLI scripts must start with #!.
- Incomplete commands can cause CLI scripts to fail.

122. View the exhibit, which contains a session entry, and then answer the question below. Which statement is correct regarding this session?
- It is an ICMP session from 10.1.10.10 to 10.200.1.1.
- It is an ICMP session from 10.1.10.10 to 10.200.5.1.
- It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.
- It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

123. Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)
- When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.
- When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
- When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.
- When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.

124. Refer to the exhibit, which contains partial output from an IKE real-time debug. Why did the tunnel not come up?
- The local gateway has configured less secure encryption and hashing algorithms compared to the remote gateway.
- The Diffie-Hellman group does not match on the local and remote gateways.
- The proposal ID does not match between local and remote gateways.
- The encapsulation method for phase 2 is set to none on local and remote gateways.

125. The logs in a FSSO collector agent (CA) are showing the following error: `failed to connect to registry: PIKA1026 (192.168.12.232)` What can be the reason for this error?
- The CA cannot resolve the name of the workstation.
- The FortiGate cannot resolve the name of the workstation.
- The remote registry service is not running in the workstation 192.168.12.232.
- The CA cannot reach the FortiGate with the IP address 192.168.12.232.

126. View the exhibit, which contains the output of a debug command, and then answer the question below. What statement is correct about this FortiGate?
- It is currently in system conserve mode because of high CPU usage.
- It is currently in FD conserve mode.
- It is currently in kernel conserve mode because of high memory usage.
- It is currently in system conserve mode because of high memory usage.

127. Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?
- Group ID.
- Group name.
- Session pickup.
- Gratuitous ARPs.

128. Refer to the exhibit, which contains the partial output of a diagnose command. Based on the output, which two statements are correct? (Choose two.)
- The remote gateway has quick mode selectors containing a destination subnet of 10.1.2.0/24.
- The remote gateway IP is 10.200.5.1.
- DPD is disabled.
- Anti-replay is enabled.

129. Which two statements about application-layer test commands are true? (Choose two.)
- Some of them display real-time application debugs.
- Some of them can be used to restart an application.
- Some of them display statistics and configuration information about a feature or process.
- Some of them only display output after you run the `diagnose debug console enable` command.

130. Which two statements about the Security Fabric are true? (Choose two.)
- Only the root FortiGate collects network information and forwards it to FortiAnalyzer.
- FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.
- All FortiGate devices in the Security Fabric must have bidirectional FortiTelemetry connectivity.
- Branch FortiGate devices must be configured first.

131. View the exhibit, which contains the output of a diagnose command, and then answer the question below. What statements are correct regarding the output? (Choose two.)
- This is an expected session created by a session helper.
- Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.
- Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
- This is an expected session created by an application control profile.

132. Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?
- FortiGate first checks the OSPF ID to elect a DR.
- Non-DR and non-BDR routers will form full adjacencies to DR and BDR only.
- BDR is responsible for forwarding link state information from one router to another.
- Only the DR receives link state information from non-DR routers.

133. A FortiGate has two default routes: All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user: What would happen with the traffic matching the above session if the priority on the first default route (ID=1) were changed from 5 to 20?
- The session would be deleted, and the client would need to start a new session.
- The session would remain in the session table, and its traffic would start to egress from port2.
- The session would remain in the session table, but its traffic would now egress from both port1 and port2.
- The session would remain in the session table, and its traffic would still egress from port1.

134. Examine the following partial output from a sniffer command; then answer the question below. What is the meaning of the packets dropped counter at the end of the sniffer?
- Number of packets that didn't match the sniffer filter.
- Number of total packets dropped by the FortiGate.
- Number of packets that matched the sniffer filter and were dropped by the FortiGate.
- Number of packets that matched the sniffer filter but could not be captured by the sniffer.

135. Examine the output from the BGP real-time debug shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.)
- BGP peers have successfully interchanged Open and Keepalive messages.
- Local BGP peer received a prefix for a default route.
- The state of the remote BGP peer is OpenConfirm.
- The state of the remote BGP peer will go to Connect after it confirms the received prefixes.

136. Which two statements about an auxiliary session are true? (Choose two.)
- With the auxiliary session setting disabled, only auxiliary sessions are offloaded.
- With the auxiliary session setting enabled, two sessions are created in case of routing change.
- With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
- With the auxiliary session setting disabled, for each traffic path, FortiGate uses the same auxiliary session.

137. Refer to the exhibit, which shows a central management configuration. Which server will FortiGate choose for web filter rating requests, if 10.0.1.240 is experiencing an outage?
- Public FortiGuard servers.
- 10.0.1.243.
- 10.0.1.242.
- 10.0.1.244.

138. Examine the following traffic log; then answer the question below. `date=20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri=critical vd=root service=kernel status=failure msg="NAT port is exhausted."` What does the log mean?
- There is not enough available memory in the system to create a new entry in the NAT port table.
- The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
- FortiGate does not have any available NAT port for a new connection.
- The limit for the maximum number of entries in the NAT port table has been reached.

139. An LDAP user cannot authenticate against a FortiGate device. Examine the real-time debug output shown in the exhibit when the user attempted the authentication; then answer the question below. Based on the output in the exhibit, what can cause this authentication problem?
- User student is not found in the LDAP server.
- User student is using a wrong password.
- The FortiGate has been configured with the wrong password for the LDAP administrator.
- The FortiGate has been configured with the wrong authentication schema.

140. View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. Which statements about this debug output are correct? (Choose two.)
- The remote gateway IP address is 10.0.0.1.
- It shows a phase 1 negotiation.
- The negotiation is using AES128 encryption with CBC hash.
- The initiator has provided remote as its IPsec peer ID.

141. View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below. Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
- auto-discovery-sender.
- auto-discovery-forwarder.
- auto-discovery-shortcut.
- auto-discovery-receiver.

142. View the exhibit, which contains the partial output of a diagnose command, and then answer the question below. Based on the output, which of the following statements is correct?
- Anti-replay is enabled.
- DPD is disabled.
- Quick mode selectors are disabled.
- Remote gateway IP is 10.200.5.1.

143. View the exhibit, which contains the output of a diagnose command, and then answer the question below. Which statements are true regarding the Weight value?
- Its initial value is calculated based on the round trip delay (RTT).
- Its initial value is statically set to 10.
- Its value is incremented with each packet lost.
- It determines which FortiGuard server is used for license validation.

144. Which action will FortiGate take when using the default settings for SSL certificate inspection, where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?
- FortiGate uses the CN information from the Subject field in the server certificate.
- FortiGate uses the first entry listed in the SAN field in the server certificate.
- FortiGate uses the SNI from the user's web browser.
- FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

145. View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. Why didn't the tunnel come up?
- The pre-shared keys do not match.
- The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration.
- The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.
- The remote gateway is using aggressive mode and the local gateway is configured to use main mode.

146. Refer to the exhibit, which contains partial output from an IKE real-time debug. Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?
- auto-discovery-shortcut.
- auto-discovery-forwarder.
- auto-discovery-sender.
- auto-discovery-receiver.

147. Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)
- IPS failopen.
- mem failopen.
- AV failopen.
- UTM failopen.

148. A FortiGate device has the following LDAP configuration: The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real-time debug while testing the student account: Based on the above output, what FortiGate LDAP settings must the administrator check? (Choose two.)
- cnid.
- username.
- password.
- dn.

149. Refer to the exhibit, which contains the output of a BGP debug command. Which statement explains why the state of the 10.200.3.1 peer is Connect?
- The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.
- The TCP session to 10.200.3.1 has not completed the three-way handshake.
- The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.
- The local router has received the BGP prefixes from the remote peer.

150. Which statement about memory conserve mode is true?
- A FortiGate exits conserve mode when the configured memory use threshold reaches yellow.
- A FortiGate starts dropping all the new and old sessions when the configured memory use threshold reaches extreme.
- A FortiGate starts dropping new sessions when the configured memory use threshold reaches red.
- A FortiGate enters conserve mode when the configured memory use threshold reaches red.

151. An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?
- redir.
- dirty.
- synced.
- nds.

152. What are two functions of automation stitches? (Choose two.)
- Automation stitches can be configured on any FortiGate device in a Security Fabric environment.
- An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.
- Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
- An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

153. Refer to the exhibits, which contain the partial configurations of two VPNs on FortiGate. An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovered that FortiGate is not matching the user-2 VPN for members of the Users-2 group. Which two changes must the administrator make to fix the issue? (Choose two.)
- Use different pre-shared keys on both VPNs.
- Enable Mode Config on both VPNs.
- Set up specific peer IDs on both VPNs.
- Change to aggressive mode on both VPNs.

154. Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
- Neighbor range.
- Route reflector.
- Next-hop-self.
- Neighbor group.

155. A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)
- Both sessions have the local flag on.
- The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.
- One session has the proxy flag on, the other one does not.
- One of the sessions has the IP address of port2 as the source IP address.

156. Refer to the exhibit, which contains a TCL script configuration on FortiManager. An administrator has configured the TCL script on FortiManager, but failed to apply any changes to the managed device after being executed. Why did the TCL script fail to make any changes to the managed device?
- Changes in an interface configuration can only be done by CLI script.
- The TCL script must start with #include <>.
- Incomplete commands are ignored in TCL scripts.
- The TCL command run_cmd has not been created.

157. Which statement is true regarding file descriptor (FD) conserve mode?
- IPS inspection is affected when FortiGate enters FD conserve mode.
- A FortiGate enters FD conserve mode when the amount of available descriptors is less than 5%.
- FD conserve mode affects all daemons running on the device.
- Restarting the WAD process is required to leave FD conserve mode.

158. Examine the output of the `get router info ospf neighbor` command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.) Refer to the exhibit, which shows the output of a debug command. Which statement about the output is true?
- The OSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1 network.
- The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.
- The local FortiGate is the designated router for the wan1 network.
- The interface ToRemote is a point-to-point OSPF network.

159. Refer to the exhibit, which shows the output of a diagnose command. What can you conclude from the output shown in the exhibit? (Choose two.)
- This is a pinhole session created to allow traffic for a protocol that requires additional sessions to operate through FortiGate.
- This is an expected session created by the IPS engine.
- Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.200.1.1.
- Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.0.1.10.

160. Refer to the exhibit, which shows partial outputs from two routing debug commands. Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?
- Set the priority of the static default route using port1 to 10.
- Set the priority of the static default route using port2 to 1.
- Set preserve-session-route to enable.
- Set snat-route-change to enable.

161. Refer to the exhibit, which contains the debug output of `diagnose dvm device list`. Which two statements about the output shown in the exhibit are correct? (Choose two.)
- ADOMs are disabled on the FortiManager.
- The FortiGate configuration is in sync with latest running revision history.
- There are pending device-level changes yet to be installed on Local-FortiGate.
- The policy package has been modified for Local-FortiGate.

162. What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)
- Reduce the session time to live.
- Increase the TCP session timers.
- Increase the FortiGuard cache time to live.
- Reduce the maximum file size to inspect.

163. Refer to the exhibit, which shows a partial web filter profile configuration. Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?
- FortiGate will block the connection, based on the FortiGuard category based filter configuration.
- FortiGate will block the connection as an invalid URL.
- FortiGate will exempt the connection, based on the Web Content Filter configuration.
- FortiGate will allow the connection, based on the URL Filter configuration.