Question 1
Answer
- Auto discovery VPN
- Active Directory VPN
- Active Direct VPN
Question 2
Question
Which VPN topology does not allow direct communication between spokes?
Answer
- a. Partial mesh
- b. Hub-and-spoke
Question 3
Question
Which VPN topology is the most fault tolerant?
Answer
- a. Full mesh
- b. Hub-and-spoke
Question 4
Question
FortiGate operation mode: NAT and transparent
L2TP-over-IPsec: Yes
GRE-over-IPsec: No
Routing protocols: No
Number of policies per VPN: One policy controls both traffic directions
Question 5
Question
FortiGate operation mode: Only NAT
L2TP-over-IPsec: Yes
GRE-over-IPsec: Yes
Routing protocols: Yes
Number of policies per VPN: Two policies (usually), one for each direction
Question 6
Question
Transparent mode supports only policy-based VPNs.
Question 7
Question
Generally, try to use policy-based because it offers more flexibility and control.
Question 8
Question
Traffic must be routed to the IPsec virtual network interface.
Usually two firewall policies with the Action set to ACCEPT are required (one per direction).
Question 9
Question
One firewall policy with the Action set to IPsec is required.
By default, hidden on the GUI. To show.
Question 10
Question
The VPN wizard creates only route-based VPNs.
Question 11
Question
The SD-WAN feature can also be used for VPN redundancy.
Question 12
Question
1. Add one phase 1 configuration for each tunnel. Dead peer detection (DPD) must be enabled on both ends.
2. Add at least one phase 2 definition for each phase 1.
3. Add one static route for each path. Use distance or priority to select primary routes over backup routes. Alternatively, use dynamic routing.
4. Configure firewall policies for each IPsec interface.
Question 13
Question
When configuring a policy-based VPN, which option do you need to select for the Action setting?
Question 14
Question
Which of the following statements about route-based VPN is correct?
Question 15
Question
diagnose vpn tunnel list: the command to verify whether traffic is offloaded.
Question 16
Question
Keeping a real-time debug running in the background of a FortiGate for a long time is sometimes necessary.
Question 17
Question 18
Question
Which one of the following messages indicates that both ingress and egress ESP packets will be offloaded?
Answer
- a. npu_flag=00
- b. npu_flag=03
Question 19
Question
If you enable NAT in the firewall policy for VPN, which of the following issues may occur?