NSE4-240
Test title: NSE4-240
Description: NSE4_V6.2




Which of the following network protocols can be used to access a FortiGate unit as an administrator?
- HTTPS, HTTP, SSH, TELNET, PING, SNMP.
- FTP, HTTPS, NNTP, TCP, WINS.
- HTTP, NNTP, SMTP, DHCP.
- Telnet, FTP, RLOGIN, HTTP, HTTPS, DDNS.
- Telnet, UDP, NNTP, SMTP.

Which statement is correct regarding virus scanning on a FortiGate unit?
- Virus scanning is enabled by default.
- Fortinet Customer Support enables virus scanning remotely for you.
- Virus scanning must be enabled in a UTM security profile and the UTM security profile must be assigned to a firewall policy.
- Enabling virus scanning in a UTM security profile enables virus scanning for all traffic flowing through the FortiGate device.

When configuring a server load balanced virtual IP, which of the following is the best distribution algorithm to be used in applications where the same physical destination server must be maintained between sessions?
- Static.
- Round robin.
- Weighted round robin.
- Least connected.

Which one of the following statements is correct about raw log messages?
- Logs have a header and a body section. The header will have the same layout for every log message. The body section will change layout from one type of log message to another.
- Logs have a header and a body section. The header and body will change layout from one type of log message to another.
- Logs have a header and a body section. The header and body will have the same layout for every log message.

Which of the following statements are true of the FortiGate unit's factory default configuration?
- 'Port1' or 'Internal' interface will have an IP of 192.168.1.99.
- 'Port1' or 'Internal' interface will have a DHCP server set up and enabled (on devices that support DHCP Servers).
- Default login will always be the username: admin (all lowercase) and no password.
- The implicit firewall action is ACCEPT.

Which of the following products can be installed on a computer running Windows XP to provide personal firewall protection, antivirus protection, web and mail filtering, spam filtering, and VPN functionality?
- FortiGate.
- FortiAnalyzer.
- FortiClient.
- FortiManager.
- FortiReporter.

Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)
- SNMP.
- IPSec.
- SMTP.
- POP3.
- HTTP.

The FortiGate unit's GUI provides a link to update the firmware. Clicking this link will perform which of the following actions?
- It will connect to the Fortinet Support site where the appropriate firmware version can be selected.
- It will send a request to the FortiGuard Distribution Network so that the appropriate firmware version can be pushed down to the FortiGate unit.
- It will present a prompt to allow browsing to the location of the firmware file.
- It will automatically connect to the Fortinet Support site to download the most recent firmware version for the FortiGate unit.

Which of the statements below are true regarding firewall policy disclaimers? (Select all that apply.)
- User must accept the disclaimer to proceed with the authentication process.
- The disclaimer page is customizable.
- The disclaimer cannot be used in combination with user authentication.
- The disclaimer can only be applied to wireless interfaces.

An administrator wishes to generate a report showing Top Traffic by service type, but wants to exclude SMTP traffic from the report. Which of the following statements best describes how to do this?
- In the Service field of the Data Filter, type 25/smtp and select the NOT checkbox.
- Add the following entry to the Generic Field section of the Data Filter: service="!smtp".
- When editing the chart, uncheck mlog to indicate that Mail Filtering data is being excluded when generating the chart.
- When editing the chart, enter 'dns' in the Exclude Service field.

Which of the following options can you use to update the virus definitions on a FortiGate unit? (Select all that apply.)
- Push update.
- Scheduled update.
- Manual update.
- FTP update.

Which of the following describes the best custom signature for detecting the use of the word "Fortinet" in chat applications? The sample packet trace illustrated in the exhibit provides details on the packet that requires detection.
- F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --no_case; )
- F-SBID( --protocol tcp; --flow from_client; --pattern "fortinet"; --no_case; )
- F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --within 20; --no_case; )
- F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --within 20; )

Shown below is a section of output from the debug command diag ip arp list.
index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1
In the output provided, which of the following best describes the IP address 172.20.187.150?
- It is the primary IP address of the port1 interface.
- It is one of the secondary IP addresses of the port1 interface.
- It is the IP address of another network device located in the same LAN segment as the FortiGate unit's port1 interface.

Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it. Which one of the following statements is correct regarding this output?
- OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2.
- OSPF Hello packets will be sent on all interfaces of the FortiGate device.
- OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.
- OSPF Hello packets are not sent on point-to-point networks.

A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit?
- Any other matched DLP rules will be ignored with the exception of Archiving.
- Future files whose characteristics match this file will bypass DLP scanning.
- The traffic matching the DLP rule will bypass antivirus scanning.
- The client IP address will be added to a white list.

When creating administrative users which of the following configuration objects determines access rights on the FortiGate unit.
- profile.
- allowaccess interface settings.
- operation mode.
- local-in policy.

FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. Which of the following statements are correct regarding FSSO in a Windows domain environment when NTLM and Polling Mode are not used? (Select all that apply.)
- An FSSO Collector Agent must be installed on every domain controller.
- An FSSO Domain Controller Agent must be installed on every domain controller.
- The FSSO Domain Controller Agent will regularly update user logon information on the FortiGate unit.
- The FSSO Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
- For non-domain computers, the only way to allow FSSO authentication is to install an FSSO client.

Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?
- Packet encryption.
- MIB-based report uploads.
- SNMP access limits through access lists.
- Running SNMP service on a non-standard port is possible.

Which of the following cannot be used in conjunction with the endpoint compliance check?
- HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.
- Any form of firewall policy authentication.
- WAN optimization.
- Traffic shaping.

Which of the following statements is correct regarding URL Filtering on the FortiGate unit?
- The FortiGate unit can filter URLs based on patterns using text and regular expressions.
- The available actions for URL Filtering are Allow and Block.
- Multiple URL Filter lists can be added to a single Web filter profile.
- A FortiGuard Web Filtering Override match will override a block action in the URL filter list.

A FortiGate unit can scan for viruses on which types of network traffic? (Select all that apply.)
- POP3.
- FTP.
- SMTP.
- SNMP.
- NetBios.

A FortiGate 100 unit is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. Which of the following statements are possible reasons for this? (Select all that apply.)
- The external facing interface of the FortiGate unit is configured to use DHCP.
- The FortiGate unit has not been registered.
- There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network.
- The FortiGate unit is in Transparent mode.

Which of the following is true regarding Switch Port Mode?
- Allows all internal ports to share the same subnet.
- Provides separate routable interfaces for each internal port.
- An administrator can select ports to be used as a switch.
- Configures ports to be part of the same broadcast domain.

If no firewall policy is specified between two FortiGate interfaces and zones are not used, which of the following statements describes the action taken on traffic flowing between these interfaces?
- The traffic is blocked.
- The traffic is passed.
- The traffic is passed and logged.
- The traffic is blocked and logged.

A FortiGate unit can provide which of the following capabilities? (Select all that apply.)
- Email filtering.
- Firewall.
- VPN gateway.
- Mail relay.
- Mail server.

Which of the following statements is correct regarding the NAC Quarantine feature?
- With NAC quarantine, files can be quarantined not only as a result of antivirus scanning, but also for other forms of content inspection such as IPS and DLP.
- NAC quarantine does a client check on workstations before they are permitted to have administrative access to FortiGate.
- NAC quarantine allows administrators to isolate clients whose network activity poses a security risk.
- If you chose the quarantine action, you must decide whether the quarantine type is NAC quarantine or File quarantine.

Which of the following DLP actions will always be performed if it is selected?
- Archive.
- Quarantine Interface.
- Ban Sender.
- Block.
- None.
- Ban.
- Quarantine IP Address.

Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:
- FortiGate unit's encryption certificate used by the SSL proxy.
- FortiGate unit's signing certificate used by the SSL proxy.
- FortiGuard's signing certificate used by the SSL proxy.
- FortiGuard's encryption certificate used by the SSL proxy.

A FortiGate unit is operating in NAT/Route mode and is configured with two Virtual LAN (VLAN) sub-interfaces added to the same physical interface. Which of the following statements is correct regarding the VLAN IDs in this scenario?
- The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
- The two VLAN sub-interfaces must have different VLAN IDs.
- The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
- The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.

A FortiClient fails to establish a VPN tunnel with a FortiGate unit. The following information is displayed in the FortiGate unit logs:
msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)"
msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)"
msg="Initiator: sent 192.168.11.101 quick mode message #1 (OK)"
msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa"
msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)"
msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5"
msg="Failed to acquire an IP address"
Which of the following statements is a possible cause for the failure to establish the VPN tunnel?
- An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.
- There is no IPSec firewall policy configured for the policy-based VPN.
- There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.
- The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.

An administrator logs into a FortiGate unit using an account which has been assigned a super_admin profile. Which of the following operations can this administrator perform?
- They can delete logged-in users who are also assigned the super_admin access profile.
- They can make changes to the super_admin profile.
- They can delete the admin account if the default admin user is not logged in.
- They can view all the system configuration settings but can not make changes.
- They can access configuration options for only the VDOMs to which they have been assigned.

Which of the following components are contained in all FortiGate units from the FG50 models and up? (Select all that apply.)
- FortiASIC content processor.
- Hard Drive.
- Gigabit network interfaces.
- Serial console port.

Which of the following statements is correct regarding the FortiGuard Services Web Filtering Override configuration as illustrated in the exhibit?
- Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/.
- A client with an IP of address 10.10.10.12 is allowed access to any subdirectory that is part of the www.yahoo.com web site.
- A client with an IP address of 10.10.10.12 is allowed access to the www.yahoo.com/images/ web site and any of its offsite URLs.
- A client with an IP address of 10.10.10.12 is allowed access to any URL under the www.yahoo.com web site, including any subdirectory URLs, until August 7, 2009.
- Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/ until August 7, 2009.

The Idle Timeout setting on a FortiGate unit applies to which of the following?
- Web browsing.
- FTP connections.
- User authentication.
- Administrator access.
- Web filtering overrides.

Which of the following DLP actions will override any other action?
- Exempt.
- Quarantine Interface.
- Block.
- None.

When backing up the configuration file on a FortiGate unit, the contents can be encrypted by enabling the encrypt option and supplying a password. If the password is forgotten, the configuration file can still be restored using which of the following methods?
- Selecting the recover password option during the restore process.
- Having the password emailed to the administrative user by selecting the Forgot Password option.
- Sending the configuration file to Fortinet Support for decryption.
- If the password is forgotten, there is no way to use the file.

An end user logs into the SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has not enabled split tunneling and so the end user must access the Internet through the SSL VPN Tunnel. Which firewall policies are needed to allow the end user to not only access the internal network but also reach the Internet?
- Exhibit A.
- Exhibit B.
- Exhibit C.
- Exhibit D.

Which of the following Fortinet products can receive updates from the FortiGuard Distribution Network? (Select all that apply.)
- FortiGate.
- FortiClient.
- FortiMail.
- FortiAnalyzer.

If a FortiGate unit has a dmz interface IP address of 210.192.168.2 with a subnet mask of 255.255.255.0, what is a valid dmz DHCP addressing range?
- 172.168.0.1 - 172.168.0.10.
- 210.192.168.3 - 210.192.168.10.
- 210.192.168.1 - 210.192.168.4.
- All of the above.

Two-factor authentication is supported using the following methods? (Select all that apply.)
- FortiToken.
- Email.
- SMS phone message.
- Code books.

Review the output of the command get router info routing-table database shown in the Exhibit below; then answer the question following it. Which of the following statements are correct regarding this output? (Select all that apply).
- There will be six routes in the routing table.
- There will be seven routes in the routing table.
- There will be two default routes in the routing table.
- There will be two routes for the 10.0.2.0/24 subnet in the routing table.

In NAT/Route mode when there is no matching firewall policy for traffic to be forwarded by the Firewall, which of the following statements describes the action taken on traffic?
- The traffic is blocked.
- The traffic is passed.
- The traffic is passed and logged.
- The traffic is blocked and logged.

In Transparent Mode, forward-domain is an attribute of ______________.
- an interface.
- a firewall policy.
- a static route.
- a virtual domain.

Which of the following authentication types are supported by FortiGate units? (Select all that apply.)
- Kerberos.
- LDAP.
- RADIUS.
- Local Users.

When browsing to an internal web server using a web-mode SSL VPN bookmark, from which of the following source IP addresses would the web server consider the HTTP request to be initiated?
- The remote user's virtual IP address.
- The FortiGate unit's internal IP address.
- The remote user's public IP address.
- The FortiGate unit's external IP address.

DLP archiving gives the ability to store session transaction data on a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)
- SNMP.
- IPSec.
- SMTP.
- POP3.
- HTTP.

When creating administrative users, the assigned _____________ determines user rights on the FortiGate unit.

The following diagnostic output is displayed in the CLI:
diag firewall auth list
policy id: 9, src: 192.168.3.168, action: accept, timeout: 13427
user: forticlient_chk_only, group:
flag (80020): auth timeout_ext, flag2 (40): exact
group id: 0, av group: 0
----- 1 listed, 0 filtered ----
Based on this output, which of the following statements is correct?
- Firewall policy 9 has endpoint compliance enabled but not firewall authentication.
- The client check that is part of an SSL VPN connection attempt failed.
- This user has been associated with a guest profile as evidenced by the group id of 0.
- An auth-keepalive value has been enabled.

Which of the following statements are correct regarding Application Control?
- Application Control is based on the IPS engine.
- Application Control is based on the AV engine.
- Application Control can be applied to SSL encrypted traffic.
- Application Control cannot be applied to SSL encrypted traffic.

An intermittent connectivity issue is noticed between two devices located behind the FortiGate dmz and internal interfaces. A continuous sniffer trace is run on the FortiGate unit that the administrator will convert into a .cap file for an off-line analysis with a sniffer application. Given the high volume of global traffic on the network, which of the following CLI commands will best allow the administrator to perform this troubleshooting operation?
- diagnose sniffer packet any
- diagnose sniffer packet dmz "" 3
- diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 3
- diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 4

Which of the following products provides dedicated hardware to analyze log data from multiple FortiGate devices?
- FortiGate device.
- FortiAnalyzer device.
- FortiClient device.
- FortiManager device.
- FortiMail device.
- FortiBridge device.

Which of the following products is designed to manage multiple FortiGate devices?
- FortiGate device.
- FortiAnalyzer device.
- FortiClient device.
- FortiManager device.
- FortiMail device.
- FortiBridge device.

Bob wants to send Alice a file that is encrypted using public key cryptography. Which of the following statements is correct regarding the use of public key cryptography in this scenario?
- Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
- Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file.
- Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file.
- Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.
- Bob will use Alice's public key to encrypt the file and Alice will use Bob's public key to decrypt the file.

Which of the following statements are correct regarding logging to memory on a FortiGate unit? (Select all that apply.)
- When the system has reached its capacity for log messages, the FortiGate unit will stop logging to memory.
- When the system has reached its capacity for log messages, the FortiGate unit overwrites the oldest messages.
- If the FortiGate unit is reset or loses power, log entries captured to memory will be lost.
- None of the above.

In which of the following report templates would you configure the charts to be included in the report?
- Layout Template.
- Data Filter Template.
- Output Template.
- Schedule Template.

What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)
- Using a hub and spoke topology is required to achieve full redundancy.
- Using a hub and spoke topology simplifies configuration.
- Using a hub and spoke topology provides stronger encryption.
- Using a hub and spoke topology reduces the number of tunnels.

An administrator sets up a new FTP server on TCP port 2121. A FortiGate unit is located between the FTP clients and the server. The administrator has created a policy for TCP port 2121. Users have been complaining that when downloading data they receive a 200 Port command successful message followed by a 425 Cannot build data connection message. Which of the following statements represents the best solution to this problem?
- Create a new session helper for the FTP service monitoring port 2121.
- Enable the ANY service in the firewall policies for both incoming and outgoing traffic.
- Place the client and server interface in the same zone and enable intra-zone traffic.
- Disable any protection profiles being applied to FTP traffic.

Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?
- The FortiGate unit receives periodic "Here I am" messages from the web cache.
- The FortiGate unit polls all globally-defined web cache servers at regular intervals.
- The FortiGate unit uses the health check monitor to verify the availability of a web cache server.
- The web cache sends an "I see you" message which is captured by the FortiGate unit.

When firewall policy authentication is enabled, only traffic on supported protocols will trigger an authentication challenge. Select all supported protocols from the following:
- SMTP.
- SSH.
- HTTP.
- FTP.
- SCP.

A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office. The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers. What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?
- Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
- Use two or more policy-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
- Use route-based VPNs on the central office FortiGate unit to advertise routes with a dynamic routing protocol and use a policy-based VPN on the remote office with two or more static default routes.
- Dynamic routing protocols cannot be used over IPSec VPN tunnels.

An administrator is examining the attack logs and notices the following entry:
device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52 dst=64.64.64.64 src_int=internal serial=0 status=clear_session proto=6 service=http vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protectservers ref=http://www.fortinet.com/ids/VID100663402 msg="anomaly: tcp_src_session, 2 > threshold 1" policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A user=N/A group=N/A
Based solely upon this log message, which of the following statements is correct?
- This attack was blocked by the HTTP protocol decoder.
- This attack was caught by the DoS sensor "protect-servers".
- This attack was launched against the FortiGate unit itself rather than a host behind the FortiGate unit.
- The number of concurrent connections to destination IP address 64.64.64.64 has exceeded the configured threshold.

An administrator is configuring a DLP rule for FTP traffic. When adding the rule to a DLP sensor, the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit. Which of the following is the best explanation for the Ban Sender action NOT being available?
- The Ban Sender action is never available for FTP traffic.
- The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor.
- Firewall policy authentication is required before the Ban Sender action becomes available.
- The Ban Sender action is only available for known domains. No domains have yet been added to the domain list.

A FortiGate 60 unit is configured for your small office. The DMZ interface is connected to a network containing a web server and email server. The Internal interface is connected to a network containing 10 user workstations and the WAN1 interface is connected to your ISP. You want to configure firewall policies so that your users can send and receive email messages to the email server on the DMZ network. You also want the email server to be able to retrieve email messages from an email server hosted by your ISP using the POP3 protocol. Which policies must be created for this communication? (Select all that apply.)
- Internal > DMZ.
- DMZ > Internal.
- Internal > WAN1.
- WAN1 > Internal.
- DMZ > WAN1.
- WAN1 > DMZ.

Which of the following statements regarding Banned Words are correct? (Select all that apply.)
- The FortiGate unit can scan web pages and email messages for instances of banned words.
- When creating a banned word list, an administrator can indicate either specific words or patterns.
- Banned words can be expressed as wildcards or regular expressions.
- Content is automatically blocked if a single instance of a banned word appears.
- The FortiGate unit includes a pre-defined library of common banned words.

An administrator has formed a High Availability cluster involving two FortiGate 310B units.
[Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ]
The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster. Which of the following options describes the best step the administrator can take? The administrator should...
- set up a full-mesh design which uses redundant interfaces.
- increase the number of FortiGate units in the cluster and configure HA in Active-Active mode.
- enable monitoring of all active interfaces.
- configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.

Encrypted backup files provide which of the following benefits? (Select all that apply.)
- Integrity of the backup file is protected since it cannot be easily modified when encrypted.
- Prevents the backup file from becoming corrupted.
- Protects details of the device's configuration settings from being discovered while the backup file is in transit. For example, transferred to a data center for system recovery.
- A copy of the encrypted backup file is automatically pushed to the FortiGuard Distribution Service (FDS) for disaster recovery purposes. If the backup file becomes corrupt it can be retrieved through FDS.
- Fortinet Technical Support can recover forgotten passwords with a backdoor passphrase.

What advantages are there in using a fully Meshed IPSec VPN configuration instead of a hub and spoke set of IPSec tunnels?
- Using a hub and spoke topology is required to achieve full redundancy.
- Using a full mesh topology simplifies configuration.
- Using a full mesh topology provides stronger encryption.
- Full mesh topology is the most fault-tolerant configuration.

An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings. Which of the following statements are correct regarding the IPSec VPN configuration?
- To complete the VPN configuration, the administrator must manually create a virtual IPSec interface in Web Config under System > Network.
- The virtual IPSec interface is automatically created after the phase1 configuration.
- The IPSec policies must be placed at the top of the list.
- This VPN cannot be used as part of a hub and spoke topology.
- Routes were automatically created based on the address objects in the firewall policies.

Users may require access to a web site that is blocked by a policy. Administrators can give users the ability to override the block. Which of the following statements regarding overrides is NOT correct?
- A web filter profile may only have one user group defined as an override group.
- A firewall user group can be used to provide override privileges for FortiGuard Web Filtering.
- When requesting an override, the matched user must belong to a user group for which the override capability has been enabled.
- Overrides can be allowed by the administrator for a specific period of time.

Which of the following email spam filtering features is NOT supported on a FortiGate unit?
- Multipurpose Internet Mail Extensions (MIME) Header Check.
- HELO DNS Lookup.
- Greylisting.
- Banned Word.

Which of the following items represent the minimum configuration steps an administrator must perform to enable Data Leak Prevention for traffic flowing through the FortiGate unit? (Select all that apply.)
- Assign a DLP sensor in a firewall policy.
- Apply one or more DLP rules to a firewall policy.
- Enable DLP globally using the config sys dlp command in the CLI.
- Define one or more DLP rules.
- Define a DLP sensor.
- Apply a DLP sensor to a DoS sensor policy.

A FortiGate unit can create a secure connection to a client using SSL VPN in tunnel mode. Which of the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.)
- Split tunneling can be enabled when using tunnel mode SSL VPN.
- Software must be downloaded to the web client to be able to use a tunnel mode SSL VPN.
- Users attempting to create a tunnel mode SSL VPN connection must be members of a configured user group on the FortiGate unit.
- Tunnel mode SSL VPN requires the FortiClient software to be installed on the user's computer.
- The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit.
What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds?. Sessions can be idle for no more than 1800 seconds. The maximum length of time a session can be open is 1800 seconds. After 1800 seconds, the end user must reauthenticate. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server. The Host Check feature can be enabled on the FortiGate unit for SSL VPN connections. When this feature is enabled, the FortiGate unit probes the remote host computer to verify that it is "safe" before access is granted. Which of the following items is NOT an option as part of the Host Check feature?. FortiClient Antivirus software. Microsoft Windows Firewall software. FortiClient Firewall software. Third-party Antivirus software. An issue could potentially occur when clicking Connect to start tunnel mode SSL VPN. The tunnel will start up for a few seconds, then shut down. Which of the following statements best describes how to resolve this issue?. This user does not have permission to enable tunnel mode. Make sure that the tunnel mode widget has been added to that user's web portal. This FortiGate unit may have multiple Internet connections. To avoid this problem, use the appropriate CLI command to bind the SSL VPN connection to the original incoming interface. Check the SSL adaptor on the host machine. If necessary, uninstall and reinstall the adaptor from the tunnel mode portal. Make sure that only Internet Explorer is used. All other browsers are unsupported. What are the valid sub-types for a Firewall type policy? (Select all that apply). Device Identity. Address. User Identity. Schedule. SSL VPN. A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. Which of the following statements are correct regarding these VDOMs? (Select all that apply.). 
The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes. The FortiGate unit must be a model 1000 or above to support multiple VDOMs. A license had to be purchased and applied to the FortiGate unit before VDOM mode could be enabled. All VDOMs must operate in the same mode. Changing a VDOM operational mode requires a reboot of the FortiGate unit. An admin account can be assigned to one VDOM or it can have access to all three VDOMs. Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function. An administrator must assign a set of UTM features to a group of users. Which of the following is the correct method for doing this?. Enable a set of unique UTM features under "Edit User Group". The administrator must enable the UTM features in an identity-based policy applicable to the user group. When defining the UTM objects, the administrator must list the user groups which will use the UTM object. The administrator must apply the UTM features directly to a user object. The following ban list entry is displayed through the CLI. get user ban list id cause src-ip-addr dst-ip-addr expires created 531 protect_client 10.177.0.21 207.1.17.1 indefinite Wed Dec 24 :21:33 2008 Based on this command output, which of the following statements is correct?. The administrator has specified the Attack and Victim Address method for the quarantine. This diagnostic entry results from the administrator running the diag ips log test command. This command has no effect on traffic. A DLP rule has been matched. An attack has been repeated more than once during the holddown period; the expiry time has been reset to indefinite. In addition to AntiVirus services, the FortiGuard Subscription Services provide IPS, Web Filtering, and ___________ services. A FortiGate unit is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root. 
Which of the following items would an administrator logging in using this account NOT be able to configure?. Firewall addresses. DHCP servers. FortiGuard Distribution Network configuration. PPTP VPN configuration. Alert emails enable the FortiGate unit to send email notifications to an email address upon detection of a pre-defined event type. Which of the following are some of the available event types in Web Config? (Select all that apply.). Intrusion detected. Successful firewall authentication. Oversized file detected. Oversized file detected. FortiGuard Web Filtering rating error detected. How is traffic routed onto an SSL VPN tunnel from the FortiGate unit side?. A static route must be configured by the administrator using the ssl.root interface as the outgoing interface. Assignment of an IP address to the client causes a host route to be added to the FortiGate unit's kernel routing table. A route back to the SSLVPN IP pool is automatically created on the FortiGate unit. The FortiGate unit adds a route based upon the destination address in the SSL VPN firewall policy. The default administrator profile that is assigned to the default "admin" user on a FortiGate device is:____________________. trusted-admin. super_admin. super_user. admin. fortinet-root. Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.). VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. VDOMs share firmware versions, as well as antivirus and IPS databases. Only administrative users with a 'super_admin' profile will be able to enter multiple VDOMs to make configuration changes. A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices?. SSL. IPSec. direct serial connection. S/MIME. 
Which of the following report templates must be used when scheduling report generation?. Layout Template. Data Filter Template. Output Template. Chart Template. The transfer of encrypted files or the use of encrypted protocols between users and servers on the internet can frustrate the efforts of administrators attempting to monitor traffic passing through the FortiGate unit and ensuring user compliance to corporate rules. Which of the following items will allow the administrator to control the transfer of encrypted data through the FortiGate unit? (Select all that apply.). Encrypted protocols can be scanned through the use of the SSL proxy. DLP rules can be used to block the transmission of encrypted files. Firewall authentication can be enabled in the firewall policy, preventing the use of encrypted communications channels. Application control can be used to monitor the use of encrypted protocols; alerts can be sent to the administrator through email when the use of encrypted protocols is attempted. You wish to create a firewall policy that applies only to traffic intended for your web server. The server has an IP address of 192.168.2.2 and belongs to a class C subnet. When defining the firewall address for use in this policy, which one of the following addressing formats is correct?. 192.168.2.0 / 255.255.255.0. 192.168.2.2 / 255.255.255.0. 192.168.2.0 / 255.255.255.255. 192.168.2.2 / 255.255.255.255. Which of the following statements correctly describes how a push update from the FortiGuard Distribution Network (FDN) works?. The FDN sends push updates only once. The FDN sends package updates automatically to the FortiGate unit without requiring an update request. The FDN continues to send push updates until the FortiGate unit sends an acknowledgement. The FDN sends a message to the FortiGate unit that there is an update available and that the FortiGate unit should download the update. 
The FortiGate unit can be configured to allow authentication to a RADIUS server. The RADIUS server can use several different authentication protocols during the authentication process. Which of the following are valid authentication protocols that can be used when a user authenticates to the RADIUS server? (Select all that apply.). MS-CHAP-V2 (Microsoft Challenge-Handshake Authentication Protocol v2). PAP (Password Authentication Protocol). CHAP (Challenge-Handshake Authentication Protocol). MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol v1). FAP (FortiGate Authentication Protocol). Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit?. Antivirus scanning provides end-to-end virus protection for client workstations. Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols. Antivirus scanning supports banned word checking. Antivirus scanning supports grayware protection. A FortiGate AntiVirus profile can be configured to scan for viruses on SMTP, FTP, POP3, and SMB protocols using which inspection mode?. Proxy. DNS. Flow-based. Man-in-the-middle. In HA, the option Reserve Management Port for Cluster Member is selected as shown in the Exhibit below. Which of the following statements are correct regarding this setting? (Select all that apply.). Interface settings on port7 will not be synchronized with other cluster members. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface. Port7 appears in the routing table. A gateway address may be configured for port7. When connecting to port7 you always connect to the master device. Which of the following statements best describes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?. The proxy buffers the entire file from the client, only sending the file to the server if the file is clean. 
One possible consequence of buffering is that the server could time out. The proxy sends the file to the server while simultaneously buffering it. The proxy removes the infected file from the server by sending a delete command on behalf of the client. If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server. Because changing the operational mode to Transparent resets device (or vdom) to all defaults, which precautions should an Administrator take prior to performing this? (Select all that apply.). Backup the configuration. Disconnect redundant cables to ensure the topology will not contain layer 2 loops. Set the unit to factory defaults. Update IPS and AV files. Which of the following statements are correct regarding URL filtering on the FortiGate unit? (Select all that apply.). The allowed actions for URL Filtering include Allow, Block and Exempt. The allowed actions for URL Filtering are Allow and Block. The FortiGate unit can filter URLs based on patterns using text and regular expressions. Any URL accessible by a web browser can be blocked using URL Filtering. Multiple URL Filter lists can be added to a single protection profile. Identify the statement which correctly describes the output of the following command: diagnose ips anomaly list. Lists the configured DoS policy. List the real-time counters for the configured DoS policy. Lists the errors captured when compiling the DoS policy. Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode?. The FortiGate unit requires only a single IP address for receiving updates and configuring from a management computer. The FortiGate unit must use public IP addresses on both the internal and external networks. The FortiGate unit commonly uses private IP addresses on the internal network but hides them using network address translation. 
The FortiGate unit uses only DHCP-assigned IP addresses on the internal network. A firewall policy has been configured such that traffic logging is disabled and a UTM function is enabled. In addition, the system setting 'utm-incident-traffic-log' has been enabled. In which log will a UTM event message be stored?. Traffic. UTM. System. None. UTM features can be applied to which of the following items?. Firewall policies. User groups. Policy routes. Address groups. Which of the following regular expression patterns will make the terms "confidential data" case insensitive?. \[confidential data]. /confidential data/i. i/confidential data/. "confidential data". /confidential data/c. How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.). File Type: Microsoft Office(msoffice). File Type: Archive(zip). File Type: Unknown Filetype(unknown). File Name: "*.ppt", "*.doc", "*.xls". File Name: "*.pptx", "*.docx", "*.xlsx". An administrator configures a FortiGate unit in Transparent mode on the 192.168.11.0 subnet. Automatic Discovery is enabled to detect any available FortiAnalyzers on the network. Which of the following FortiAnalyzers will be detected? (Select all that apply.). 192.168.11.100. 192.168.11.251. 192.168.10.100. 192.168.10.251. Which of the following Regular Expression patterns will make the term "bad language" case insensitive?. [bad language]. /bad language/i. i/bad language/. "bad language". /bad language/c. With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent. If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.). The login event is sent to the Collector Agent. 
The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller. The Collector Agent performs the DNS lookup for the authenticated client's IP address. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent. Which of the following statements best describes the green status indicators that appear next to different FortiGuard Distribution Network services as illustrated in the exhibit?. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network. Examine the exhibit shown below; then answer the question following it. Which of the following statements best describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network. FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4. Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take?. 
The file will be detected by rule #1 as an 'Audio (mp3)', a log entry will be created and it will be allowed to pass through. The file will be detected by rule #2 as a "*.exe", a log entry will be created and the interface that received the traffic will be brought down. The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created. Nothing, the file will go undetected. In HA, what is the effect of the Disconnect Cluster Member command as given in the Exhibit. The HA mode changes to standalone. Port3 is configured with an IP address for management access. The Firewall rules are purged on the disconnected unit. All other interface IP settings are maintained. By default the Intrusion Protection System (IPS) on a FortiGate unit is set to perform which action?. Block all network attacks. Block the most common network attacks. Allow all traffic. Allow and log all traffic. FortiGate units are preconfigured with four default protection profiles. These protection profiles are used to control the type of content inspection to be performed. What action must be taken for one of these profiles to become active?. The protection profile must be assigned to a firewall policy. The "Use Protection Profile" option must be selected in the Web Config tool under the sections for AntiVirus, IPS, WebFilter, and AntiSpam. The protection profile must be set as the Active Protection Profile. All of the above. Which of the following spam filtering methods are supported on the FortiGate unit? (Select all that apply.). IP Address Check. Open Relay Database List (ORDBL). Black/White List. Return Email DNS Check. Email Checksum Check. An administrator has configured a FortiGate unit so that end users must authenticate against the firewall using digital certificates before browsing the Internet. What must the user have for a successful authentication? (Select all that apply.). An entry in a supported LDAP Directory. A digital certificate issued by any CA server. 
A valid username and password. A digital certificate issued by the FortiGate unit. Membership in a firewall user group. What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.). Using a hub and spoke topology is required to achieve full redundancy. Using a hub and spoke topology simplifies configuration because fewer tunnels are required. Using a hub and spoke topology provides stronger encryption. The routing at a spoke is simpler, compared to a meshed node. WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?. The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule. The attempt will be accepted when there is a matching WAN optimization passive rule. The attempt will be accepted when the request comes from a known peer. The attempt will be accepted when a user on the remote peer accepts the connection request. Which of the following statements are true regarding Local User Authentication? (Select all that apply.). Local user authentication is based on usernames and passwords stored locally on the FortiGate unit. Two-factor authentication can be enabled on a per user basis. Administrators can create an account for the user locally and specify the remote server to verify the password. Local users are for administration accounts only and cannot be used for identity policies. Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.). The device this command is executed on is likely to switch from master to slave status if master override is disabled. The device this command is executed on is likely to switch from master to slave status if master override is enabled. This command has no impact on the HA algorithm. 
This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected. An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement?. Apply an application control list which contains a rule for SIP and has the "Limit INVITE Request" option configured. Enable Traffic Shaping for the appropriate SIP firewall policy. Reduce the session time-to-live value for the SIP protocol by running the configure system sessionttl CLI command. Run the set udp-idle-timer CLI command and set a lower time value. The FortiGate Web Config provides a link to update the firmware in the System > Status window. Clicking this link will perform which of the following actions?. It will connect to the Fortinet support site where the appropriate firmware version can be selected. It will send a request to the FortiGuard Distribution Network so that the appropriate firmware version can be pushed down to the FortiGate unit. It will present a prompt to allow browsing to the location of the firmware file. It will automatically connect to the Fortinet support site to download the most recent firmware version for the FortiGate unit. An administrator is examining the attack logs and notices the following entry: type=ips subtype=signature pri=alert vd=root serial=1995 attack_id=103022611 src=69.45.64.22 dst=192.168.1.100 src_port=80 dst_port=4887 src_int=wlan dst_int=internal status=detected proto=6 service=4887/tcp user=N/A group=N/A msg=web_client: IE.IFRAME.BufferOverflow.B Based on the information displayed in this entry, which of the following statements are correct? (Select all that apply.). This is an HTTP server attack. The attack was detected and blocked by the FortiGate unit. The attack was against a FortiGate unit at the 192.168.1.100 IP address. The attack was detected and passed by the FortiGate unit. 
If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Open Shortest Path First (OSPF)?. The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors. The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors. At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options. The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings. At a minimum, the network administrator needs to enable Redistribute Default in the OSPF Advanced Options. Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.). They both create separate broadcast domains. Port Pairing works only for physical interfaces. Forwarding Domains only apply to virtual interfaces. They may contain physical and/or virtual interfaces. They are only available in high-end models. Which of the following are valid FortiGate device interface methods for handling DNS requests? (Select all that apply.). Forward-only. Non-recursive. Recursive. Iterative. Conditional-forward. Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'diag sys session stat' for the STUDENT device. Exhibit B shows the command output of 'diag sys session stat' for the REMOTE device. Given the information provided in the exhibits, which of the following statements are correct? (Select all that apply.). STUDENT is likely to be the master device. Session-pickup is likely to be enabled. The cluster mode is definitely Active-Passive. There is not enough information to determine the cluster mode. 
For Data Leak Prevention, which of the following describes the difference between the block and quarantine actions?. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol. A block action prevents the transaction. A quarantine action archives the data. A block action has a finite duration. A quarantine action must be removed by an administrator. A block action is used for known users. A quarantine action is used for unknown users. Which Fortinet products & features could be considered part of a comprehensive solution to monitor and prevent the leakage of sensitive data? (Select all that apply.). Archive non-compliant outgoing e-mails using FortiMail. Restrict unofficial methods of transferring files such as P2P using Application Control lists on a FortiGate. Monitor database activity using FortiAnalyzer. Apply a DLP sensor to a firewall policy. Configure FortiClient to prevent files flagged as sensitive from being copied to a USB disk. When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit. Which of the following statements is correct regarding this entry?. The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule. The entry displays a ban that was triggered by HTTP traffic matching an IPS signature. This client is banned from receiving or sending any traffic through the FortiGate. The entry displays a quarantine, which could have been added by either IPS or DLP. This entry displays a ban entry that was added manually by the administrator on June 11th. Which of the following statements is not correct regarding virtual domains (VDOMs)?. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. 
A backup management VDOM will synchronize the configuration from an active management VDOM. VDOMs share firmware versions, as well as antivirus and IPS databases. Only administrative users with a super_admin profile will be able to enter all VDOMs to make configuration changes. Review the IKE debug output for IPsec shown in the Exhibit below. Which one of the following statements is correct regarding this output?. The output is a Phase 1 negotiation. The output is a Phase 2 negotiation. The output captures the Dead Peer Detection messages. The output captures the Dead Gateway Detection packets. Which of the following Session TTL values will take precedence?. Session TTL specified at the system level for that port number. Session TTL specified in the matching firewall policy. Session TTL dictated by the application control list associated with the matching firewall policy. The default session TTL specified at the system level. Examine the Exhibit shown below; then answer the question following it. The Vancouver FortiGate unit initially had the following information in its routing table: S 172.20.0.0/16 [10/0] via 172.21.1.2, port2 C 172.21.0.0/16 is directly connected, port2 C 172.11.11.0/24 is directly connected, port1 Afterwards, the following static route was added: config router static edit 6 set dst 172.20.1.0 255.255.255.0 set priority 0 set device port1 set gateway 172.11.12.1 next end Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first. The 'gateway' IP address is NOT in the same subnet as the IP address of port1. The 'gateway' IP address is NOT in the same subnet as the IP address of port1. The static route configuration is missing the distance setting. 
Which of the following pieces of information can be included in the Destination Address field of a firewall policy?. An IP address pool, a virtual IP address, an actual IP address, and an IP address group. A virtual IP address, an actual IP address, and an IP address group. An actual IP address and an IP address group. Only an actual IP address. Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. config router static edit 1 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 10 set device port1 next edit 2 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 20 set device port2 next end Which of the following statements correctly describes the static routing configuration provided above?. The FortiGate unit will evenly share the traffic to 172.20.168.0/24 through both routes. The FortiGate unit will share the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic. The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1. Only the route that is using port1 will show up in the routing table. Which of the following statements is correct based on the firewall configuration illustrated in the exhibit?. A user can access the Internet using only the protocols that are supported by user authentication. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. These require authentication before the user will be allowed access. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services. A user cannot access the Internet using any protocols unless the user has passed firewall authentication. A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. 
The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity. The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI. C:\>ping 10.0.1.1 Pinging 10.0.1.1 with 32 bytes of data: Reply from 10.0.1.1: bytes=32 time=1ms TTL=255 Reply from 10.0.1.1: bytes=32 time<1ms TTL=255 Reply from 10.0.1.1: bytes=32 time<1ms TTL=255 Reply from 10.0.1.1: bytes=32 time<1ms TTL=255 user1 # get system interface == [ internal ] name: internal mode: static ip: 10.0.1.254 255.255.255.128 status: up netbios-forward: disable type: physical mtu-override: disable == [ vlan1 ] name: vlan1 mode: static ip: 10.0.1.1 255.255.255.128 status: up netbios-forward: disable type: vlan mtu-override: disable user1 # diagnose debug flow trace start 100 user1 # diagnose debug ena user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1 id=20085 trace_id=274 msg="vd-root received a packet(proto=6, 10.0.1.130:47927>10.0.1.1:443) from internal." id=20085 trace_id=274 msg="allocate a new session-00000b1b" id=20085 trace_id=274 msg="find SNAT: IP-10.0.1.1, port-43798" id=20085 trace_id=274 msg="iprope_in_check() check failed, drop" Based on the output from these commands, which of the following explanations is a possible cause of the problem?. The FortiGate unit has no route back to the PC. The PC has an IP address in the wrong subnet. The PC is using an incorrect default gateway IP address. The FortiGate unit does not have the HTTPS service configured on the VLAN1 interface. There is no firewall policy allowing traffic from INTERNAL-> VLAN1. Which of the following statements are correct based on the firewall configuration illustrated in the exhibit? (Select all that apply.). A user can access the Internet using only the protocols that are supported by user authentication. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. 
These require authentication before the user will be allowed access. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services. A user cannot access the Internet using any protocols unless the user has passed firewall authentication. Which of the following describes the difference between the ban and quarantine actions?. A ban action prevents future transactions using the same protocol which triggered the ban. A quarantine action blocks all future transactions, regardless of the protocol. A ban action blocks the transaction. A quarantine action archives the data. A ban action has a finite duration. A quarantine action must be removed by an administrator. A ban action is used for known users. A quarantine action is used for unknown users. An administrator wishes to generate a report showing Top Traffic by service type. They notice that web traffic overwhelms the pie chart and want to exclude the web traffic from the report. Which of the following statements best describes how to do this?. In the Service field of the Data Filter, type 80/tcp and select the NOT checkbox. Add the following entry to the Generic Field section of the Data Filter: service="!web". When editing the chart, uncheck wlog to indicate that Web Filtering data is being excluded when generating the chart. When editing the chart, enter 'http' in the Exclude Service field. The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.). An FSAE Collector Agent must be installed on every domain controller. An FSAE Domain Controller Agent must be installed on every domain controller. 
The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit. The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit. Which one of the following statements correctly describes this output?. The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings. The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup. OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used. 172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24. Which of the following features could be used by an administrator to block FTP uploads while still allowing FTP downloads?. Anti-Virus File-Type Blocking. Data Leak Prevention. Network Admission Control. FortiClient Check. Select the answer that describes what the CLI command diag debug authd fsso list is used for. Monitors communications between the FSSO Collector Agent and FortiGate unit. Displays which users are currently logged on using FSSO. Displays a listing of all connected FSSO Collector Agents. Lists all DC Agents installed on all Domain Controllers. Which of the following antivirus and attack definition update options are supported by FortiGate units? (Select all that apply.). Manual update by downloading the signatures from the support site. Pull updates from the FortiGate device. Push updates from the FortiGuard Distribution Network. "update-AV/AS" command from the CLI. What is the FortiGate unit password recovery process?. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. Log in through the console port using the "maintainer" account within approximately 30 seconds of a reboot. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. 
The only way to regain access is to interrupt the boot sequence and restore a configuration file for which the password has been modified.

Enable Web Filter URL blocking and add the URL of the FTP site to the URL Block list. Create a firewall policy with destination address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny. Create a firewall policy with a protection profile containing the Block FTP option enabled. None of the above.

Which of the following represents the correct order of criteria used for the selection of a Master unit within a FortiGate High Availability (HA) cluster when master override is disabled?. 1. port monitor, 2. unit priority, 3. up time, 4. serial number. 1. port monitor, 2. up time, 3. unit priority, 4. serial number. 1. unit priority, 2. up time, 3. port monitor, 4. serial number. 1. up time, 2. unit priority, 3. port monitor, 4. serial number.

In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server. Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server. Request: Internal Host -> Slave FG -> Internet -> Web Server. Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server.

Which statement is correct regarding virus scanning on a FortiGate unit?. Virus scanning is enabled by default. Fortinet Customer Support enables virus scanning remotely for you. Virus scanning must be enabled in a protection profile and the protection profile must be assigned to a firewall policy. Enabling virus scanning in a protection profile enables virus scanning for all traffic flowing through the FortiGate.
A FortiGate unit is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. Which of the following statements are possible reasons for this? (Select all that apply.). The external facing interface of the FortiGate unit is configured to use DHCP. The FortiGate unit has not been registered. There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network and no override push IP is configured. The FortiGate unit is in Transparent mode which does not support push updates.

The __________ CLI command is used on the FortiGate unit to run static commands such as ping or to reset the FortiGate unit to factory defaults.

A firewall policy has been configured for the internal email server to receive email from external parties through SMTP. Exhibits A and B show the AntiVirus and Email Filter profiles applied to this policy. What is the correct behavior when the email attachment is detected as a virus by the FortiGate AntiVirus engine. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected. The FortiGate unit will reject the infected email and notify both the sender and recipient. The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed. The FortiGate unit will reject the infected email and notify the sender.

Which of the following statements is correct regarding URL Filtering on the FortiGate unit?. The available actions for URL Filtering are Allow and Block. Multiple URL Filter lists can be added to a single Web filter profile. A FortiGuard Web Filtering Override match will override a block action in the URL filter list. The available actions for URL Filtering are Allow, Block and Exempt.
If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be announced by Border Gateway Protocol (BGP)?. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Autonomous System Boundary Router (ASBR). The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Area Border Router (ABR). At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings. The BGP local AS number must be the same as the OSPF area number of the routes learned that need to be redistributed into BGP. By design, BGP cannot redistribute routes learned through OSPF.

Both the FortiGate and FortiAnalyzer units can notify administrators when certain alert conditions are met. Considering this, which of the following statements is NOT correct?. On a FortiGate device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two. On a FortiAnalyzer device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two. Only a FortiAnalyzer device can send the alert notification in the form of a syslog message. Both the FortiGate and FortiAnalyzer devices can send alert notifications in the form of an email alert.

You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route. Which of the following configuration steps are required to achieve these objectives? (Select all that apply.). Create one firewall policy.
Create two firewall policies. Add a route for the remote subnet. Add a route for incoming traffic. Create a phase 1 definition. Create a phase 2 definition.

Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Select all that apply.). The administrator should configure inter-VDOM links to avoid using external interfaces and routers. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links. This provides the same level of security internally as externally. This configuration requires the use of an external router. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.

Examine the following log message for IPS and identify the valid responses below. (Select all that apply.)

```
2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="192.168.3.168" dst="192.168.3.170" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood" icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50"
```

The target is 192.168.3.168. The target is 192.168.3.170. The attack was detected and blocked. The attack was detected only. The attack was TCP based.

SSL content inspection is enabled on the FortiGate unit. Which of the following steps is required to prevent a user from being presented with a web browser warning when accessing an SSL-encrypted website?. The root certificate of the FortiGate SSL proxy must be imported into the local certificate store on the user's workstation.
Disable the strict server certificate check in the web browser under Internet Options. Enable transparent proxy mode on the FortiGate unit. Enable NTLM authentication on the FortiGate unit. NTLM authentication suppresses the certificate warning messages in the web browser.

Which of the following items does NOT support the Logging feature?. File Filter. Application control. Session timeouts. Administrator activities. Web URL filtering.

Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.). Firewall. Directory Service. Local. LDAP. PKI.

Which spam filter is not available on a FortiGate device?. Sender IP reputation database. URLs included in the body of known SPAM messages. Email addresses included in the body of known SPAM messages. Spam object checksums. Spam grey listing.

Which of the following tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Select all that apply.). The web client SSL handshake. The web server SSL handshake. File buffering. Communication with the urlfilter process.

Which of the following statements is correct regarding this configuration?. The connecting VPN client will install a route to a destination corresponding to the STUDENT_INTERNAL address object. The connecting VPN client will install a default route. The connecting VPN client will install a route to the 172.20.1.[1-5] address range. The connecting VPN client will connect in web portal mode and no route will be installed.

Which of the following items are considered to be advantages of using the application control features on the FortiGate unit? Application control allows an administrator to: set a unique session-ttl for select applications. customize application types in a similar way to adding custom IPS signatures. check which applications are installed on workstations attempting to access the network. enable AV scanning per application rather than per policy.
The eicar test virus is put into a zip archive, which is given the password of "Fortinet" in order to open the archive. Review the configuration in the exhibits shown below; then answer the question. Which one of the following profiles could be enabled in order to prevent the file from passing through the FortiGate device over HTTP on the standard port for that protocol?. Only Exhibit A. Only Exhibit B. Only Exhibit C with default UTM Proxy settings. All of the Exhibits (A, B and C). Only Exhibit C with non-default UTM Proxy settings (Exhibit B).

A static route is configured for a FortiGate unit from the CLI using the following commands:

```
config router static
    edit 1
        set device "wan1"
        set distance 20
        set gateway 192.168.100.1
    next
end
```

Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit's routing table?. The Administrative Status of the wan1 interface is displayed as Up. The Link Status of the wan1 interface is displayed as Up. All other default routes should have an equal or higher distance. You must disable DHCP client on that interface.

Caching improves performance by reducing FortiGate unit requests to the FortiGuard server. Which of the following statements are correct regarding the caching of FortiGuard responses? (Select all that apply.). Caching is available for web filtering, antispam, and IPS requests. The cache uses a small portion of the FortiGate system memory. When the cache is full, the least recently used IP address or URL is deleted from the cache. An administrator can configure the number of seconds to store information in the cache before the FortiGate unit contacts the FortiGuard server again. The size of the cache will increase to accommodate any number of cached queries.

File blocking rules are applied before which of the following?. Firewall policy processing. Virus scanning. Web URL filtering. White/Black list filtering.
A client can create a secure connection to a FortiGate device using SSL VPN in web-only mode. Which one of the following statements is correct regarding the use of web-only mode SSL VPN?. Web-only mode supports SSL version 3 only. A Fortinet-supplied plug-in is required on the web client to use web-only mode SSL VPN. Web-only mode requires the user to have a web browser that supports 64-bit cipher length. The JAVA run-time environment must be installed on the client to be able to connect to a web-only mode SSL VPN.

In an IPSec gateway-to-gateway configuration, two FortiGate units create a VPN tunnel between two separate private networks. Which of the following configuration steps must be performed on both FortiGate units to support this configuration? (Select all that apply.). Create firewall policies to control traffic between the IP source and destination address. Configure the appropriate user groups on the FortiGate units to allow users access to the IPSec VPN connection. Set the operating mode of the FortiGate unit to IPSec VPN mode. Define the Phase 2 parameters that the FortiGate unit needs to create a VPN tunnel with the remote peer. Define the Phase 1 parameters that the FortiGate unit needs to authenticate the remote peers.

What is the FortiGate unit password recovery process?. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. Log in through the console port using the maintainer account within several minutes of a reboot. Hold CTRL + break during reboot and reset the admin password. The only way to regain access is to interrupt boot sequence and restore a configuration file for which the password has been modified.

Which of the following statements are correct regarding this output? (Select all that apply.). The connecting client has been allocated address 172.20.1.1. In the Phase 1 settings, dead peer detection is enabled. The tunnel is idle.
The connecting client has been allocated address 10.200.3.1.

Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it. Which of the following statements are correct regarding this configuration? (Select all that apply). The phase1 is for a route-based VPN configuration. The phase1 is for a policy-based VPN configuration. The local gateway IP is the address assigned to port1. The local gateway IP address is 10.200.3.1.

Which of the following statements correctly describes the deepscan option for HTTPS?. When deepscan is disabled, only the web server certificate is inspected; no decryption of content occurs. Enabling deepscan will perform further checks on the server certificate. Deepscan is only applicable to mail protocols, where all IP addresses in the header are checked. With deepscan enabled, archived files will be decompressed before scanning for a more comprehensive file inspection.

A FortiGate unit can act as which of the following? (Select all that apply.). Antispam filter. Firewall. VPN gateway. Mail relay. Mail server.

Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?. TCP connection. File attachments. Message headers. Message body.

Which of the following statements correctly describes how a FortiGate unit functions in Transparent mode?. To manage the FortiGate unit, one of the interfaces must be designated as the management interface. This interface may not be used for forwarding data. An IP address is used to manage the FortiGate unit but this IP address is not associated with a specific interface. The FortiGate unit must use public IP addresses on the internal and external networks. The FortiGate unit uses private IP addresses on the internal network but hides them using.

A firewall policy has been configured for the internal email server to receive email from external parties through SMTP.
Exhibits A and B show the antivirus and email filter profiles applied to this policy. Exhibit A: Exhibit B: What is the correct behavior when the email attachment is detected as a virus by the FortiGate antivirus engine?. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected. The FortiGate unit will reject the infected email and the sender will receive a failed delivery message. The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed. The FortiGate unit will reject the infected email and notify the sender.

A portion of the device listing for a FortiAnalyzer unit is displayed in the exhibit. Which of the following statements best describes the reason why the FortiGate 60B unit is unable to archive data to the FortiAnalyzer unit?. The FortiGate unit is considered an unregistered device. The FortiGate unit has been blocked from sending archive data to the FortiAnalyzer device by the administrator. The FortiGate unit has insufficient privileges. The administrator should edit the device entry in the FortiAnalyzer and modify the privileges. The FortiGate unit is being treated as a syslog device and is only permitted to send log data.

In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate unit when searching for a suitable gateway?. A look-up is done only when the first packet coming from the client (SYN) arrives. A look-up is done when the first packet coming from the client (SYN) arrives, and a second is performed when the first packet coming from the server (SYN/ACK) arrives. A look-up is done only during the TCP 3-way handshake (SYN, SYN/ACK, ACK). A look-up is always done each time a packet arrives, from either the server or the client side.
They are processed from the top down according to their sequence number. They are processed based on the policy ID number shown in the left hand column of the policy window. They are processed on best match. They are processed based on a priority value assigned through the priority column in the policy window.

Which of the following items is NOT a packet characteristic matched by a firewall service object?. ICMP type and code. TCP/UDP source and destination ports. IP protocol number. TCP sequence number.

What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds?. Sessions can be idle for no more than 1800 seconds. The maximum length of time a session can be open is 1800 seconds. After 1800 seconds, the end user must reauthenticate. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.

In the Tunnel Mode widget of the web portal, the administrator has configured an IP Pool and enabled split tunneling. Which of the following statements is true about the IP address used by the SSL VPN client?. The IP pool specified in the SSL-VPN Tunnel Mode Widget Options will override the IP address range defined in the SSL-VPN Settings. Because split tunneling is enabled, no IP address needs to be assigned for the SSL VPN tunnel to be established. The IP address range specified in SSL-VPN Settings will override the IP address range in the SSL-VPN Tunnel Mode Widget Options.

Under the System Information widget on the dashboard, which of the following actions are available for the system configuration? (Select all that apply.). Backup. Restore. Revisions. Export.

Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode?. The FortiGate unit applies NAT to all traffic. The FortiGate unit functions as a Layer 3 device.
The FortiGate unit functions as a Layer 2 device. The FortiGate unit functions as a router and the firewall function is disabled.

Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question. Which of the following statements are correct regarding this configuration? (Select all that apply). The Phase 2 will re-key even if there is no traffic. There will be a DH exchange for each re-key. The sequence number of ESP packets received from the peer will not be checked. Quick mode selectors will default to those used in the firewall policy.

An end user logs into the full-access SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has enabled split tunneling. Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client's routing table. A route to destination matching the 'WIN2K3' address object. A route to the destination matching the 'all' address object. A default route. No route is added.

Two FortiGate devices fail to form an HA cluster; the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'show system ha' for the STUDENT device. Exhibit B shows the command output of 'show system ha' for the REMOTE device. Exhibit A: Exhibit B: Which one of the following is the most likely reason that the cluster fails to form?. Password. HA mode. Heartbeat. Override.

Examine the static route configuration shown below; then answer the question following it.

```
config router static
    edit 1
        set dst 172.20.1.0 255.255.255.0
        set device port1
        set gateway 172.11.12.1
        set distance 10
        set weight 5
    next
    edit 2
        set dst 172.20.1.0 255.255.255.0
        set blackhole enable
        set distance 5
        set weight 10
    next
end
```

Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.). All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.
As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route. The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route. The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route. Traffic to 172.20.1.0/24 will be shared through both routes.

The diag sys session list command is executed in the CLI. The output of this command is shown in the exhibit. Based on the output from this command, which of the following statements is correct?. This is a UDP session. Traffic shaping is being applied to this session. This is an ICMP session. This traffic has been authenticated. This session matches a firewall policy with ID 5.

An issue could potentially occur when clicking Connect to start tunnel mode SSL VPN. The tunnel will start up for a few seconds, then shut down. Which of the following statements best describes how to resolve this issue?. This user does not have permission to enable tunnel mode. Make sure that the tunnel mode widget has been added to that user's web portal. This FortiGate unit may have multiple Internet connections. To avoid this problem, use the appropriate CLI command to bind the SSL VPN connection to the original incoming interface. Make sure that only Internet Explorer is used. All other browsers are unsupported.

Which of the following statements are correct regarding the configuration of a FortiGate unit as an SSL VPN gateway? (Select all that apply.). Tunnel mode can only be used if the SSL VPN user groups have at least one Host Check option enabled.
The specific routes needed to access internal resources through an SSL VPN connection in tunnel mode from the client computer are defined in the routing widget associated with the SSL VPN portal. In order to apply a portal to a user, that user must belong to an SSL VPN user group. The portal settings specify whether the connection will operate in web-only or tunnel mode.

A client can establish a secure connection to a corporate network using SSL VPN in tunnel mode. Which of the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.). Split tunneling can be enabled when using tunnel mode SSL VPN. Client software is required to be able to use a tunnel mode SSL VPN. Users attempting to create a tunnel mode SSL VPN connection must be authenticated by at least one SSL VPN policy. The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit.

Which of the following statements best describes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?. The proxy will not allow a file to be transmitted in multiple streams simultaneously. The proxy sends the file to the server while simultaneously buffering it. If the file being scanned is determined to be infected, the proxy deletes it from the server by sending a delete command on behalf of the client. If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server.

A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM. What would be a possible cause for this problem?. The dmz interface is referenced in the configuration of another VDOM. The administrator does not have the proper permissions to reassign the dmz interface.
Non-management VDOMs cannot reference physical interfaces. The dmz interface is in PPPoE or DHCP mode. Reassigning an interface to a different VDOM can only be done through the CLI.

Which of the following items is NOT a packet characteristic matched by a firewall service object?. TCP/UDP source and destination ports. TCP sequence number. IP protocol number. ICMP type and code.

Which of the following antivirus and attack definition update features are supported by FortiGate units? (Select all that apply.). Manual, user-initiated updates from the FortiGuard Distribution Network. Hourly, daily, or weekly scheduled antivirus and attack definition and antivirus engine updates from the FortiGuard Distribution Network. Push updates from the FortiGuard Distribution Network. Update status including version numbers, expiry dates, and most recent update dates and times.

Which of the following statements are correct regarding this configuration? (Select all that apply). Remote_1 is a Phase 1 object with interface mode enabled. The gateway address is not required because the interface is a point-to-point connection. The gateway address is not required because the default route is used. Remote_1 is a firewall zone.

The command structure of the CLI on a FortiGate unit consists of commands, objects, branches, tables and parameters. Which of the following items describes port1?. A command. An object. A table. A parameter.

You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route. Which of the following configuration steps are required to achieve these objectives? (Select all that apply.). Create one firewall policy. Create two firewall policies. Add a route for the remote subnet. Add a route for incoming traffic.
Create a phase 1 definition. Create a phase 2 definition.

Based on the web filtering configuration illustrated in the exhibit, which one of the following statements is not a reasonable conclusion?. Users can access both the www.google.com site and the www.fortinet.com site. When a user attempts to access the www.google.com site, the FortiGate unit will not perform web filtering on the content of that site. When a user attempts to access the www.fortinet.com site, any remaining web filtering will be bypassed.

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity. The following troubleshooting commands are executed from the CLI:

```
user1 # get system interface
== [ internal ]
name: internal mode: static ip: 10.0.1.254 255.255.255.128 status: up netbios-forward: disable type: physical mtu-override: disable
== [ vlan1 ]
name: vlan1 mode: static ip: 10.0.1.1 255.255.255.128 status: up netbios-forward: disable type: vlan mtu-override: disable

user1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
S 10.0.0.0/8 [10/0] is a summary, Null
C 10.0.1.0/25 is directly connected, vlan1
C 10.0.1.128/25 is directly connected, internal

user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=277 msg="vd-root received a packet(proto=6, 10.0.1.130:47922->10.0.1.1:443) from internal."
id=20085 trace_id=277 msg="allocate a new session-00000b21"
id=20085 trace_id=277 msg="iprope_in_check() check failed, drop"
```

Based on the output from these commands, which of the following is a possible cause of the problem?. The FortiGate unit has no route back to the PC. The PC has an IP address in the wrong subnet. The PC is using an incorrect default gateway IP address. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.

Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.)

```
config ips sensor
    edit "LINUX_SERVER"
        set comment ''
        set replacemsg-group ''
        set log enable
        config entries
            edit 1
                set action default
                set application all
                set location server
                set log enable
                set log-packet enable
                set os Linux
                set protocol all
                set quarantine none
                set severity all
                set status default
            next
        end
    next
end
```

The sensor will log all server attacks for all operating systems. The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature. The sensor will match all traffic from the address object 'LINUX_SERVER'. The sensor will reset all connections that match these signatures. The sensor only filters which IPS signatures to apply to the selected firewall policy.

Which of the following are valid components of the Fortinet Server Authentication Extensions (FSAE)? (Select all that apply.). Domain Local Security Agent. Collector Agent. Active Directory Agent. User Authentication Agent. Domain Controller Agent.

The command structure of the FortiGate CLI consists of commands, objects, branches, tables, and parameters. Which of the following items describes user?. A command. An object. A table. A parameter.

Which of the following methods can be used to access the CLI? (Select all that apply.). By using a direct connection to a serial console. By using the CLI console window in Web Config. By using an SSH connection.
By using a Telnet connection.

Which of the following statements is correct about how the FortiGate unit verifies username and password during user authentication?. If a remote server is included in a user group, it will be checked before local accounts. An administrator can define a local account for which the password must be verified by querying a remote server. If authentication fails with a local password, the FortiGate unit will query the authentication server if the local user is configured with both a local password and an authentication server. The FortiGate unit will only attempt to authenticate against Active Directory if Fortinet Server Authentication Extensions are installed and configured.

Examine the Exhibit shown below; then answer the question following it. In this scenario, the FortiGate unit in Ottawa has the following routing table:

```
S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2
C 172.20.167.0/24 is directly connected, port1
C 172.20.170.0/24 is directly connected, port2
```

Sniffer tests show that packets sent from the Source IP address 172.20.168.2 to the Destination IP address 172.20.169.2 are being dropped by the FortiGate unit located in Ottawa. Which of the following correctly describes the cause for the dropped packets?. The forward policy check. The reverse path forwarding check. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate unit's routing table. The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.

Users may require access to a web site that is blocked by a policy. Administrators can give users the ability to override the block. Which of the following statements regarding overrides are correct? (Select all that apply.). A protection profile may have only one user group defined as an override group. A firewall user group can be used to provide override privileges for FortiGuard Web Filtering. Authentication to allow the override is based on a user's membership in a user group.
Overrides can be allowed by the administrator for a specific period of time. In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit?. Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server. Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server. Request: Internal Host; Slave FortiGate; Internet; Web Server. Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server. Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function. How are UTM features applied to traffic?. One or more UTM features are enabled in a firewall policy. In the system configuration for that UTM feature, you can identify the policies to which the feature is to be applied. Enable the appropriate UTM objects and identify one of them as the default. For each UTM object, identify which policy will use it. The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate Web Config and also using the CLI. The command used in the CLI to perform this function is __________. set order. edit policy. reorder. move. You wish to create a firewall policy that applies only to traffic intended for your web server. The web server has an IP address of 192.168.2.2 and a /24 subnet mask. When defining the firewall address for use in this policy, which one of the following addresses is correct?. 192.168.2.0 / 255.255.255.0. 192.168.2.2 / 255.255.255.0. 192.168.2.0 / 255.255.255.255. 192.168.2.2 / 255.255.255.255. Which of the following pieces of information can be included in the Destination Address field of a firewall policy? (Select all that apply.). An IP address pool. A virtual IP address. An actual IP address or an IP address group. An FQDN or Geographic value(s). 
When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating?. Common Name. Organization. Organizational Unit. Serial Number. Validity. Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit. Which of the following statements is correct regarding this output? (Select one answer). One tunnel is rekeying. Two tunnels are rekeying. Two tunnels are up. One tunnel is up. Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?. Packet encryption. MIB-based report uploads. SNMP access limits through access lists. Running SNMP service on a non-standard port is possible. Which of the following logging options are supported on a FortiGate unit? (Select all that apply.). LDAP. Syslog. FortiAnalyzer. Local disk and/or memory. Which of the following must be configured on a FortiGate unit to redirect content requests to remote web cache servers?. WCCP must be enabled on the interface facing the Web cache. You must enabled explicit Web-proxy on the incoming interface. WCCP must be enabled as a global setting on the FortiGate unit. WCCP must be enabled on all interfaces on the FortiGate unit through which HTTP traffic is passing. Which of the following methods can be used to access the CLI? (Select all that apply.). By using a direct connection to a serial console. By using the CLI console window in the GUI. By using an SSH connection. By using a Telnet connection. Which of the following items is NOT a packet characteristic matched by a firewall service object?. ICMP type and code. TCP/UDP source and destination ports. IP protocol number. TCP sequence number. In which order are firewall policies processed on the FortiGate unit?. They are processed from the top down as they appear in Web Config. 
They are processed based on the policy ID number shown in the left hand column of the policy window. They are processed using a policy hierarchy scheme that allows for multiple decision branching. They are processed based on a priority value assigned through the priority column in the policy window. Which of the following statements is correct about configuring web filtering overrides?. The Override option for FortiGuard Web Filtering is available for any user group type. Admin overrides require an administrator to manually allow pending override requests which are listed in the Override Monitor. The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used. Using Web Filtering Overrides requires the use of Firewall Policy Authentication. SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?. The file is buffered by the application proxy. The file is buffered by the SSL proxy. In the upload direction, the file is buffered by the SSL proxy. In the download direction, the file is buffered by the application proxy. No file buffering is needed since a stream-based scanning approach is used for SSL content inspection. Which of the following statements regarding Banned Words are correct? (Select all that apply.). The FortiGate unit can scan web pages and email messages for instances of banned words. When creating a banned word list, an administrator can indicate either specific words or patterns. Banned words can be expressed as simple text, wildcards or regular expressions. Content is automatically blocked if a single instance of a banned word appears. The FortiGate unit updates banned words on a periodic basis. An administrator wants to assign a set of UTM features to a group of users. Which of the following is the correct method for doing this?. An administrator wants to assign a set of UTM features to a group of users. 
Which of the following is the correct method for doing this?. The administrator must enable the UTM profiles in an identity-based policy applicable to the user group. When defining the UTM objects, the administrator must list the user groups which will use the UTM object. The administrator must apply the UTM features directly to a user object. Which email filter is NOT available on a FortiGate device?. Sender IP reputation database. URLs included in the body of known SPAM messages. Email addresses included in the body of known SPAM messages. Spam object checksums. Spam grey listing. The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate unit's GUI and also using the CLI. The command used in the CLI to perform this function is ______ . set order. edit policy. reorder. move. Identify the correct properties of a partial mesh VPN deployment: VPN tunnels interconnect between every single location. VPN tunnels are not configured between every single location. Some locations are reached via a hub location. There are no hub locations in a partial mesh. What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.). Enable session pick-up. Only applies to connections handled by a proxy. Only applies to UDP and ICMP connections. Connections must not be handled by a proxy. Which of the following represents the method used on a FortiGate unit running FortiOS version 4.2 to apply traffic shaping to P2P traffic, such as BitTorrent?. Apply a Traffic Shaper to a BitTorrent entry in an Application Control List. Enable the Shape option in a Firewall policy with a Service set to BitTorrent. Define a DLP Rule to match against BitTorrent traffic and include the rule in a DLP Sensor with Traffic Shaping enabled. Specify the amount of Rate Limiting to be applied to BitTorrent traffic through the P2P settings of the Firewall Policy Protocol Options. 
In order to load-share traffic using multiple static routes, the routes must be configured with ... the same distance and same priority. the same distance and same priority. the same distance but each of them must be assigned a unique priority. a distance equal to its desired weight for ECMP but all must have the same priority. Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?. TCP connection. File attachments. Message headers. Message body. Which of the following statements correctly describe Transparent Mode operation? (Select all that apply.). The FortiGate unit acts as transparent bridge and routes traffic using Layer-2 forwarding. Ethernet packets are forwarded based on destination MAC addresses NOT IPs. The device is transparent to network hosts. Permits inline traffic inspection and firewalling without changing the IP scheme of the network. All interfaces must be on different IP subnets. Which of the following statements regarding the firewall policy authentication timeout is true?. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be "idle" if it does not see any packets coming from the user's source IP. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user's source IP after this timer has expired. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be "idle" if it does not see any packets coming from the user's source MAC. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user's source MAC after this timer has expired. In order to match an identity-based policy, the FortiGate unit checks the IP information. Once inside the policy, the following logic is followed: First, a check is performed to determine if the user's login credentials are valid. 
Next, the user is checked to determine if they belong to any of the groups defined for that policy. Finally, user restrictions are determined and port, time, and UTM profiles are applied. First, user restrictions are determined and port, time, and UTM profiles are applied. Next, a check is performed to determine if the user's login credentials are valid. Finally, the user is checked to determine if they belong to any of the groups defined for that policy. First, the user is checked to determine if they belong to any of the groups defined for that policy. Next, user restrictions are determined and port, time, and UTM profiles are applied. Finally, a check is performed to determine if the user's login credentials are valid. |