10982674
Description
Quiz by Marcos Avila, updated more than 1 year ago
|
Created by Marcos Avila
about 7 years ago
|
|
Question 1
Question
What statement is true regarding the Policy Lookup feature?
Answer
-
Searches matching policy based on input criteria
-
Allows traffic to pass through FortiGate based on input criteria, even when there is no firewall policy allowing it
-
Enables extended logging on the firewall policy based on input criteria
-
Creates packet capture in Wireshark format based on input criteria
Question 2
Question
Which FortiGate interface does source device type enable device detection on?
Answer
-
Both source interface and destination interface of the firewall policy
-
All interfaces of FortiGate
-
Destination interface of the firewall policy only
-
Source interface of the firewall policy only
Question 3
Question
Which statements are true regarding device identification? (Choose two.)
Answer
-
Agent-based (FortiCIient) devices use the HTTP user-agent header to identify devices.
-
Agentless devices are indexed by their MAC address.
-
Agent-based (FortiCIient) devices are tracked by their FortiCIient unique ID
-
Only agent—based device identification techniques are supported.
Question 4
Question
Which statements correctly define Policy ID and policy Sequence number for firewall policies? (Choose two.)
Answer
-
A policy sequence number defines the order in which rules are processed.
-
A policy ID number is required to modify a firewall policy from the CLI.
-
A policy ID number changes when policies are re-ordered.
-
A policy sequence number reflects the number of objects used in the firewall policy.
Question 5
Question
Which statements are true regarding incoming and outgoing interfaces in firewall policies? (Choose two.)
Answer
-
Multiple interfaces can be selected as incoming and outgoing interfaces.
-
An incoming interface is mandatory in a firewall policy, but an outgoing interface is optional.
-
Only the any interface can be chosen as an incoming interface.
-
A zone can be chosen as the outgoing interface.
Question 6
Question
Examine the CLI configuration. What does this configuration do? (Choose two.)
config system setting
set ses—denied—traffic enable
end
Answer
-
It creates a session for traffic being denied.
-
It sends an alert notification to the administrator upon detecting denied traffic.
-
It reduces the amount of logs generated by denied traffic.
-
A log message will only generate if there is a security event.
Question 7
Question
What criteria does FortiGate use to match traffic to a firewall policy? (Choose two.)
Answer
-
Source and destination interfaces
-
Logging settings
-
Security profiles
-
Network services
Question 8
Question
Which statements are true regarding the By Sequence View for firewall policies? (Choose two.)
Answer
-
Does not show the source interface column
-
ls still available even when the any interface is being used in one or more firewall policies
-
Lists firewall policies primarily by their policy sequence number
-
ls disabled if any firewall policy has its status set to disable
Question 9
Question
What must be selected in the Source field of a firewall policy?
Answer
-
At least one source user or user group object
-
At least one address object
-
At least one device object
-
At least one source user, one source device, and one source address object
Question 10
Question
What statement is true regarding the Service setting in a firewall policy?
Answer
-
It is optional to add a service in a firewall policy.
-
It matches the traffic by port number.
-
Only one service object can be added to the firewall policy.
-
Administrators cannot create custom services objects.
Want to create your own Quizzes for free with GoConqr? Learn more.