TEST CERT

Beschreibung

Test de Certificación
sebastianzo
Quiz von sebastianzo, aktualisiert more than 1 year ago
sebastianzo
Erstellt von sebastianzo vor etwa 9 Jahre
2904
9

Zusammenfassung der Ressource

Frage 1

Frage
For FortiGate devices equipped with Network Processor (NP) chips, which are true? (Choose three.)
Antworten
  • For each new IP session, the first packet always goes to the CPU.
  • The kernel does not need to program the NPU. When the NPU sees the traffic, it determines by itself whether it can process the traffic.
  • Once offloaded, unless there are errors, the NP forwards all subsequent packets. The CPU does not process them.
  • When the last packet is sent or received, such as a TCP FIN or TCP RST signal, the NP returns this session to the CPU for tear down.
  • Sessions for policies that have a security profile enabled can be NP offloaded.

Frage 2

Frage
In "diag debug flow" output, you see the message “Allowed by Policy-1: SNAT”. Which is true?
Antworten
  • The packet matched the topmost policy in the list of firewall policies.
  • The packet matched the firewall policy whose policy ID is 1.
  • The packet matched a firewall policy which allows the packet and skips UTM checks.
  • The policy allowed the packet and applied session NAT.

Frage 3

Frage
Which is NOT true about the settings for an IP pool type port block allocation?
Antworten
  • A Block Size defines the number of connections.
  • Blocks Per User defines the number of connection blocks for each user.
  • An Internal IP Range defines the IP addresses permitted to use the pool.
  • An External IP Range defines the IP addresses in the pool.

Frage 4

Frage
If you enable the option "Generate Logs when Session Starts", what effect does this have on the number of traffic log messages generated for each session?
Antworten
  • No traffic log message is generated.
  • One traffic log message is generated.
  • Two traffic log messages are generated.
  • A log message is only generated if there is a security event.

Frage 5

Frage
Which traffic can match a firewall policy's "Services" setting? (Choose three.)
Antworten
  • HTTP
  • SSL
  • DNS
  • RSS
  • HTTPS

Frage 6

Frage
Which correctly define "Section View" and "Global View" for firewall policies? (Choose two.)
Antworten
  • Section View lists firewall policies primarily by their interface pairs.
  • Section View lists firewall policies primarily by their sequence number.
  • Global View lists firewall policies primarily by their interface pairs.
  • Global View lists firewall policies primarily by their policy sequence number.
  • The 'any' interface may be used with Section View.

Frage 7

Frage
Which is true of FortiGate's session table?
Antworten
  • NAT/PAT is shown in the central NAT table, not the session table.
  • It shows TCP connection states.
  • It shows IP, SSL, and HTTP sessions.
  • It does not show UDP or ICMP connection state codes, because those protocols are connectionless.

Frage 8

Frage
Which is true about incoming and outgoing interfaces in firewall policies?
Antworten
  • A physical interface may not be used.
  • A zone may not be used.
  • Multiple interfaces may not be used for both incoming and outgoing.
  • Source and destination interfaces are mandatory.

Frage 9

Frage
Which is NOT true about source matching with firewall policies?
Antworten
  • A source address object must be selected in the firewall policy.
  • A source user/group may be selected in the firewall policy.
  • A source device may be defined in the firewall policy.
  • A source interface must be selected in the firewall policy.
  • A source user/group and device must be specified in the firewall policy.

Frage 10

Frage
Which define device identification? (Choose two.)
Antworten
  • Device identification is enabled by default on all interfaces.
  • Enabling a source device in a firewall policy enables device identification on the source interfaces of that policy.
  • You cannot combine source user and source device in the same firewall policy.
  • FortiClient can be used as an agent based device identification technique.
  • Only agentless device identification techniques are supported.

Frage 11

Frage
Which are valid replies from a RADIUS server to an ACCESS-REQUEST packet from a FortiGate? (Choose two.)
Antworten
  • ACCESS-CHALLENGE
  • ACCESS-RESTRICT
  • ACCESS-PENDING
  • ACCESS-REJECT

Frage 12

Frage
Which methods can FortiGate use to send a One Time Password (OTP) to Two-Factor Authentication users? (Choose three.)
Antworten
  • Hardware FortiToken
  • Web Portal
  • Email
  • USB Token
  • Software FortiToken (FortiToken mobile)

Frage 13

Frage
Which best describes the authentication timeout?
Antworten
  • How long FortiGate waits for the user to enter his or her credentials.
  • How long a user is allowed to send and receive traffic before he or she must authenticate again.
  • How long an authenticated user can be idle (without sending traffic) before they must authenticate again.
  • How long a user-authenticated session can exist without having to authenticate again.

Frage 14

Frage
Which authentication methods does FortiGate support for firewall authentication? (Choose two.)
Antworten
  • Remote Authentication Dial in User Service (RADIUS)
  • Lightweight Directory Access Protocol (LDAP)
  • Local Password Authentication
  • POP3
  • Remote Password Authentication

Frage 15

Frage
Which does FortiToken use as input when generating a token code? (Choose two.)
Antworten
  • User password
  • Time
  • User name
  • Seed

Frage 16

Frage
Which authentication scheme is not supported by the RADIUS implementation on FortiGate?
Antworten
  • CHAP
  • MSCHAP2
  • PAP
  • FSSO

Frage 17

Frage
What protocol cannot be used with the active authentication type?
Antworten
  • Local
  • RADIUS
  • LDAP
  • RSSO

Frage 18

Frage
Which user group types does FortiGate support for firewall authentication? (Choose three.)
Antworten
  • RSSO
  • Firewall
  • LDAP
  • NTLM
  • FSSO

Frage 19

Frage
What is not true of configuring disclaimers on the FortiGate?
Antworten
  • Disclaimers can be used in conjunction with captive portal.
  • Disclaimers appear before users authenticate.
  • Disclaimers can be bypassed through security exemption lists.
  • Disclaimers must be accepted in order to continue to the authentication login or originally intended destination.

Frage 20

Frage
When configuring LDAP on the FortiGate as a remote database for users, what is not a part of the configuration?
Antworten
  • The name of the attribute that identifies each user (Common Name Identifier).
  • The user account or group element names (user DN).
  • The server secret to allow for remote queries (Primary server secret).
  • The credentials for an LDAP administrator (password).

Frage 21

Frage
Which statement best describes what SSL VPN Client Integrity Check does?
Antworten
  • Blocks SSL VPN connection attempts from users that has been blacklisted.
  • Detects the Windows client security applications running in the SSL VPN client's PCs
  • Validates the SSL VPN user credential.
  • Verifies which SSL VPN portal must be presented to each SSL VPN user.
  • Verifies that the latest SSL VPN client is installed in the client's PC.

Frage 22

Frage
Which statement best describes what SSL.root is?
Antworten
  • The name of the virtual network adapter required in each user's PC for SSL VPN Tunnel mode.
  • he name of a virtual interface in the root VDOM where all the SSL VPN user traffic comes from
  • A Firewall Address object that contains the IP addresses assigned to SSL VPN users.
  • The virtual interface in the root VDOM that the remote SSL VPN tunnels connect to.

Frage 23

Frage
Which of the following authentication methods can be used for SSL VPN authentication? (Choose three.)
Antworten
  • Remote Password Authentication (RADIUS, LDAP)
  • Two-Factor Authentication
  • Local Password Authentication
  • FSSO
  • RSSO

Frage 24

Frage
A FortiGate is configured with the 1.1.1.1/24 address on the wan2 interface and HTTPS Administrative Access, using the default tcp port, is enabled for that interface. Given the SSL VPN settings in the exhibit. Which of the following SSL VPN login portal URLs are valid? (Choose two.)
Antworten
  • http://1.1.1.1:443/Training
  • https://1.1.1.1:443/STUDENTS
  • https://1.1.1.1/login
  • https://1.1.1.1/

Frage 25

Frage
Which of the following statements are correct regarding SSL VPN Web-only mode? (Choose two.)
Antworten
  • It can only be used to connect to web services.
  • IP traffic is encapsulated over HTTPS.
  • Access to internal network resources is possible from the SSL VPN portal.
  • The standalone FortiClient SSL VPN client CANNOT be used to establish a Web-only SSL VPN.
  • It is not possible to connect to SSH servers through the VPN.

Frage 26

Frage
Which statement is not correct regarding SSL VPN Tunnel mode?
Antworten
  • IP traffic is encapsulated over HTTPS.
  • The standalone FortiClient SSL VPN client can be used to establish a Tunnel mode SSL VPN.
  • A limited amount of IP applications are supported.
  • The FortiGate device will dynamically assign an IP address to the SSL VPN network adapter.

Frage 27

Frage
Which of the following statements are true about IPsec VPNs? (Choose three.)
Antworten
  • IPsec increases overhead and bandwidth.
  • IPsec operates at the layer 2 of the OSI model.
  • End-user's network applications must be properly pre-configured to send traffic across the IPsec VPN.
  • IPsec protects upper layer protocols.
  • IPsec operates at the layer 3 of the OSI model.

Frage 28

Frage
Which of the following statements is true regarding the differences between route-based and policy-based IPsec VPNs? (Choose two.)
Antworten
  • The firewall policies for policy-based are bidirectional. The firewall policies for route-based are unidirectional.
  • In policy-based VPNs the traffic crossing the tunnel must be routed to the virtual IPsec interface. In route-based, it does not.
  • The action for firewall policies for route-based VPNs may be Accept or Deny, for policy-based VPNs it is Encrypt.
  • Policy-based VPN uses an IPsec interface, route-based does not.

Frage 29

Frage
Which of the following IPsec configuration modes can be used for implementing L2TP-over-IPSec VPNs?
Antworten
  • Policy-based IPsec only.
  • Route-based IPsec only.
  • Both policy-based and route-based VPN.
  • L2TP-over-IPSec is not supported by FortiGate devices.

Frage 30

Frage
Which of the following authentication methods are supported in an IPsec phase 1? (Choose two.)
Antworten
  • Asymmetric Keys
  • CA root digital certificates
  • RSA signature
  • Pre-shared keys

Frage 31

Frage
How many packets are interchanged between both IPSec ends during the negotiation of a main-mode phase 1?
Antworten
  • 5
  • 3
  • 2
  • 6

Frage 32

Frage
Which of the following IPsec configuration modes can be used when the FortiGate is running in NAT mode?
Antworten
  • Policy-based VPN only
  • Both policy-based and route-based VPN.
  • Route-based VPN only.
  • D. IPSec VPNs are not supported when the FortiGate is running in NAT mode.

Frage 33

Frage
Which portion of the configuration does an administrator specify the type of IPsec configuration (either policy-based or route-based)?
Antworten
  • Under the IPsec VPN global settings.
  • Under the phase 2 settings.
  • Under the phase 1 settings.
  • Under the firewall policy settings.

Frage 34

Frage
Which of the following IKE modes is the one used during the IPsec phase 2 negotiation
Antworten
  • Aggressive mode
  • Quick mode
  • Main mode
  • Fast mode

Frage 35

Frage
Which of the following options best defines what Diffie-Hellman is?
Antworten
  • A symmetric encryption algorithm.
  • A "key-agreement" protocol.
  • A "Security-association-agreement" protocol.
  • An authentication algorithm

Frage 36

Frage
What action does an IPsec Gateway take with the user traffic routed to an IPsec VPN when it does not match any phase 2 quick mode selector?
Antworten
  • Traffic is dropped.
  • Traffic is routed across the default phase 2.
  • Traffic is routed to the next available route in the routing table.
  • Traffic is routed unencrypted to the interface where the IPsec VPN is terminating.

Frage 37

Frage
An Internet browser is using the WPAD DNS method to discover the PAC file’s URL. The DNS server replies to the browser’s request with the IP address 10.100.1.10. Which URL will the browser use to download the PAC file?
Antworten
  • Test FortiGate I: 07. Explicit Proxy Quiz Question 1 of 6 An Internet browser is using the WPAD DNS method to discover the PAC file’s URL. The DNS server replies to the browser’s request with the IP address 10.100.1.10. Which URL will the browser use to download the PAC file? http://10.100.1.10/proxy.pac https://10.100.1.10/ http://10.100.1.10/wpad.dat https://10.100.1.10/proxy.pac
  • https://10.100.1.10/
  • http://10.100.1.10/wpad.dat
  • https://10.100.1.10/proxy.pac

Frage 38

Frage
Which of the following statements is true regarding the TCP SYN packets that go from a client, through an implicit web proxy (transparent proxy), to a web server listening at TCP port 80? (Choose three.)
Antworten
  • The source IP address matches the client IP address.
  • The source IP address matches the proxy IP address.
  • The destination IP address matches the proxy IP address.
  • The destination IP address matches the server IP addresses.
  • The destination TCP port number is 80.

Frage 39

Frage
Review the exhibit of an explicit proxy policy configuration. If there is a proxy connection attempt coming from the IP address 10.0.1.5, and from a user that has not authenticated yet, what action does the FortiGate proxy take?
Antworten
  • User is prompted to authenticate. Traffic from the user Student will be allowed by the policy #1. Traffic from any other user will be allowed by the policy #2.
  • User is not prompted to authenticate. The connection is allowed by the proxy policy #2.
  • User is not prompted to authenticate. The connection will be allowed by the proxy policy #1.
  • User is prompted to authenticate. Only traffic from the user Student will be allowed. Traffic from any other user will be blocked.

Frage 40

Frage
Which protocol can an Internet browser use to download the PAC file with the web proxy configuration?
Antworten
  • HTTPS
  • FTP
  • TFTP
  • HTTP

Frage 41

Frage
Which of the following are benefits of using web caching? (Choose three.)
Antworten
  • Decrease bandwidth utilization
  • Reduce server load
  • Reduce FortiGate CPU usage
  • Reduce FortiGate memory usage
  • Decrease traffic delay

Frage 42

Frage
Question 6 of 6 Which of the following statements is true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)
Antworten
  • More than one proxy is supported.
  • Can contain a list of destinations that will be exempt from the use of any proxy.
  • Can contain a list of URLs that will be exempted from the FortiGate web filtering inspection.
  • Can contain a list of users that will be exempted from the use of any proxy.

Frage 43

Frage
What is longest length of time allowed on a FortiGate device for the virus scan to complete?
Antworten
  • 20 seconds
  • 30 seconds
  • 45 seconds
  • 10 seconds

Frage 44

Frage
Which type of conserve mode writes a log message immediately, rather than when the device exits conserve mode?
Antworten
  • Kernel
  • Proxy
  • System
  • Device

Frage 45

Frage
Files that are larger than the oversized limit are subjected to which Antivirus check?
Antworten
  • Grayware
  • Virus
  • Sandbox
  • Heuristic

Frage 46

Frage
Files reported to be infected by the "Suspicious" virus were subject to which Antivirus check?
Antworten
  • Grayware
  • Virus
  • Sandbox
  • Heuristic

Frage 47

Frage
Which are the three different types of Conserve Mode that can occur on a FortiGate device? (Choose three.)
Antworten
  • Proxy
  • Operating system
  • Kernel
  • System
  • Device

Frage 48

Frage
A FortiGate device is configure to perform an AV & IPS scheduled update every hour. Given the information in the exhibit, when will the next update happen?
Antworten
  • 01:00
  • 02:05
  • 11:00
  • 11:08

Frage 49

Frage
What is the maximum number of different virus databases a FortiGate can have?
Antworten
  • 5
  • 2
  • 3
  • 4

Frage 50

Frage
Which of the following are possible actions for static URL filtering? (Choose three.)
Antworten
  • Allow
  • Block
  • Exempt
  • Warning
  • Shape

Frage 51

Frage
Which of the following are possible actions for FortiGuard web category filtering? (Choose three.)
Antworten
  • Allow
  • Block
  • Exempt
  • Warning
  • Shape

Frage 52

Frage
Examine the following log message attributes and select two correct statements from the list below. (Choose two.) hostname=www.youtube.com profiletype="Webfilter_Profile" profile="default" status="passthrough" msg="URL belongs to a category with warnings enabled"
Antworten
  • The traffic was blocked.
  • The user failed authentication.
  • The category action was set to warning.
  • The website was allowed.

Frage 53

Frage
Which of the following actions can be used with the FortiGuard quota feature? (Choose three.)
Antworten
  • Allow
  • Block
  • Monitor
  • Warning
  • Authenticate

Frage 54

Frage
Which of the following statements are true regarding the web filtering modes? (Choose two.)
Antworten
  • Proxy based mode allows for customizable block pages to display when sites are prevented.
  • Proxy based mode requires more resources than flow-based.
  • Flow based mode offers more settings under the advanced configuration section of the GUI.
  • Proxy based mode offers higher throughput than flow-based mode.

Frage 55

Frage
Which of the following web filtering modes can inspect the full URL? (Choose two.)
Antworten
  • Proxy based
  • DNS based
  • Policy based
  • Flow based

Frage 56

Frage
The exhibit is a screen shot of an Application Control profile. Different settings are circled and numbered. Select the number identifying the setting which will provide additional information about YouTube access, such as the name of the video watched.
Antworten
  • 1
  • 2
  • 3
  • 4
  • 5

Frage 57

Frage
Which of the following statements are true regarding application control? (Choose two.)
Antworten
  • Application control is based on TCP destination port numbers.
  • Application control is proxy based.
  • Encrypted traffic can be identified by application control.
  • Traffic shaping can be applied to the detected application traffic.

Frage 58

Frage
Which answer best describes what an "Unknown Application" is?
Antworten
  • All traffic that matches the internal signature for unknown applications.
  • Traffic that does not match the RFC pattern for its protocol.
  • Any traffic that does not match an application control signature.
  • A packet that fails the CRC check.

Frage 59

Frage
What actions are possible with Application Control? (Choose three.)
Antworten
  • Warn
  • Allow
  • Block
  • Traffic Shaping
  • Quarantine

Frage 60

Frage
How do application control signatures update on a FortiGate device?
Antworten
  • Through FortiGuard updates.
  • Upgrade the FortiOS firmware to a newer release.
  • By running the Application Control auto-learning feature.
  • Signatures are hard coded to the device and cannot be updated.

Frage 61

Frage
The exhibit shows two static routes to the same destination subnet 172.20.168.0/24. Which of the following statements correctly describes this static routing configuration? (Choose two.)
Antworten
  • Both routes will show up in the routing table.
  • The FortiGate unit will evenly share the traffic to 172.20.168.0/24 between both routes.
  • Only one route will show up in the routing table.
  • The FortiGate will route the traffic to 172.20.168.0/24 only through one route.

Frage 62

Frage
Which of the following fields contained in the IP/TCP/UDP headers can be used to make a routing decision when using policy-based routing? (Choose three.)
Antworten
  • Source IP address
  • TCP flags
  • Source TCP/UDP port
  • Type of service
  • Checksum

Frage 63

Frage
Which of the following statements are true regarding WAN Link Load Balancing? (Choose two.)
Antworten
  • There can be only one virtual WAN Link per VDOM.
  • FortiGate can measure the quality of each link based on latency, jitter, or lost packets percentage.
  • Link health check can be performed over each link member of the virtual WAN interface.
  • Distance and priority values are configured in each link member of the virtual WAN interface.

Frage 64

Frage
The exhibit shows a FortiGate routing table. Which of the following statements are correct? (Choose two.)
Antworten
  • There is only one active default route.
  • The distance value for the route to 192.168.1.0/24 is 200.
  • An IP address in the subnet 172.16.78.0/24 has been assigned to the dmz interface.
  • The FortiGate will route the traffic to 172.17.1.2 to the next hop with the IP address 192.168.11.254.

Frage 65

Frage
Which of the following statements best describes what a FortiGate does when packets match a black hole route?
Antworten
  • Packets are dropped.
  • Packets are routed based on the information in the policy-based routing table.
  • An ICMP error message is sent back to the originator.
  • Packets are routed back to the originator.

Frage 66

Frage
The exhibit shows three static routes. Which static route(s) will be used to route the packets to the destination IP address 172.20.168.1?
Antworten
  • The routes with the ID numbers 2 and 3.
  • Only the route with the ID number 3.
  • Only the route with the ID number 2.
  • Only the route with the ID number 1.

Frage 67

Frage
What must be configures in order to keep two static routes to the same destination in the routing table?
Antworten
  • The same priority.
  • The same distance and same priority.
  • The same distance.
  • The same metric.

Frage 68

Frage
Which action does the FortiGate take when link health monitor times out?
Antworten
  • All routes to the destination subnet configured in the link health monitor are removed from the routing table.
  • The distance values of all routes using the interface configured in the link health monitor are increased.
  • The priority values of all routes using the interface configured in the link health monitor are increased.
  • All routes using the next-hop gateway configured in the link health monitor are removed from the routing table.

Frage 69

Frage
In the debug command output shown in the exhibit, which of the following best describes the MAC address 00:09:0f:69:03:7e?
Antworten
  • It is one of the secondary MAC addresses of the port1 interface.
  • It is the primary MAC address of the port1 interface.
  • It is the MAC address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface.
  • It is the HA virtual MAC address.

Frage 70

Frage
Examine the network topology diagram in the exhibit; the workstation with the IP address 212.10.11.110 sends a TCP SYN packet to the workstation with the IP address 212.10.11.20. Which of the following sentences best describes the result of the reverse path forwarding (RPF) check executed by the FortiGate on the SYN packet? (Choose two.)
Antworten
  • Packet is allowed if RPF is configured as loose.
  • Packet is allowed if RPF is configured as strict.
  • Packet is blocked if RPF is configured as loose.
  • Packet is blocked if RPF is configured as strict.

Frage 71

Frage
A FortiGate device has two VDOMs in NAT/route mode. Which of the following solutions can be implemented by a network administrator to route traffic between the two VDOMs? (Choose two.)
Antworten
  • Use the inter-VDOM links automatically created between all VDOMS.
  • Manually create and configure an inter-VDOM link between your two VDOMs.
  • Interconnect and configure an external physical interface in one VDOM to another physical interface in the second VDOM.
  • Configure both VDOMs to share the same routing table.

Frage 72

Frage
Which of the following settings can be configured per VDOM? (Choose three.)
Antworten
  • Operating mode (NAT/route or transparent)
  • Static routes
  • Hostname
  • System time
  • Firewall policies

Frage 73

Frage
Which of the following statements are correct regarding FortiGate virtual domains (VDOMs)? (Choose two.)
Antworten
  • VDOMs divide a single FortiGate unit into two or more independent firewalls.
  • A management VDOM handles SNMP, logging, alert email, and FortiGuard updates.
  • Each VDOM can run different firmware versions.
  • Administrative users with a ‘super_admin’ profile can administrate only one VDOM.

Frage 74

Frage
Which of the following statements is correct concerning multiple VDOMs configured in a FortiGate device?
Antworten
  • FortiGate devices, from the FGT/FWF 60D and above, all support VDOMS.
  • All FortiGate devices scale to 250 VDOMS.
  • Each VDOM requires its own FortiGuard license.
  • FortiGate devices support more NAT/Route VDOMs than Transparent Mode VDOMs.

Frage 75

Frage
A FortiGate device is configured with two VDOMs. The management VDOM is 'root', and is configured in transparent mode, 'vdom1' is configured as NAT/route mode. Which traffic is generated only by 'root' and not 'vdom1'? (Choose three.)
Antworten
  • SNMP traps
  • FortiGuard
  • ARP
  • NTP
  • ICMP redirect

Frage 76

Frage
A FortiGate unit is operating in NAT/route mode and configured with two VLAN sub-interfaces on the same physical interface. Which of the following statement is correct regarding the VLAN IDs in this scenario?
Antworten
  • The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
  • The two VLAN sub-interfaces must have different VLAN IDs.
  • The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
  • The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.

Frage 77

Frage
A FortiGate unit has multiple VDOMs in NAT/route mode with multiple VLAN interfaces in each VDOM. Which of the following statements is correct regarding the IP addresses assigned to each VLAN interface?
Antworten
  • Different VLANs can share the same IP address as long as they have different VLAN IDs.
  • Different VLANs can share the same IP address as long as they are in different physical interfaces.
  • Different VLANs can share the same IP address as long as they are in different VDOMs.
  • Different VLANs can never share the same IP addresses.

Frage 78

Frage
A FortiGate device is configured with four VDOMs: 'root' and 'vdom1' are in NAT/route mode; 'vdom2' and 'vdom3' are in transparent mode. The management VDOM is 'root'. Which of the following statements are true? (Choose two.)
Antworten
  • An inter-VDOM link between 'root' and 'vdom1' can be created.
  • An inter-VDOM link between 'vdom1' and 'vdom2' can be created.
  • An inter-VDOM link between 'vdom2 ' and 'vdom3' can be created.
  • Inter-VDOM link links must be manually configured for FortiGuard traffic.

Frage 79

Frage
Which of the following statements are correct differences between NAT/route and transparent mode? (Choose two.)
Antworten
  • In transparent mode, interfaces do not have IP addresses.
  • Firewall policies are only used in NAT/route mode.
  • Static routes are only used in NAT/route mode.
  • Only transparent mode permits inline traffic inspection at layer 2.

Frage 80

Frage
What is the default criteria for selecting the HA master unit in a HA cluster?
Antworten
  • port monitor, priority, uptime, serial number
  • port monitor, uptime, priority, serial number
  • priority, uptime, port monitor, serial number
  • uptime, priority, port monitor, serial number

Frage 81

Frage
Which of the following statements describes the objective of the gratuitous ARP packets sent by an HA cluster?
Antworten
  • To synchronize the ARP tables in all the FortiGate units that are part of the HA cluster.
  • To notify the network switches that a new HA master unit has been elected.
  • To notify the master unit that the slave devices are still up and alive.
  • To notify the master unit about the physical MAC addresses of the slave units.

Frage 82

Frage
What information is synchronized between two FortiGate units that belong to the same HA cluster? (Choose three.)
Antworten
  • IP addresses assigned to DHCP enabled interfaces.
  • The master device's hostname.
  • Routing configuration and state.
  • Reserved HA management interface IP configuration.
  • Firewall policies and objects.

Frage 83

Frage
What are required to be the same for two FortiGate units to form an HA cluster? (Choose two.)
Antworten
  • Firmware
  • Model
  • Hostname
  • System time zone

Frage 84

Frage
Which statement describes how traffic flows in sessions handled by a slave unit in an active-active HA cluster?
Antworten
  • Packets are sent directly to the slave unit using the slave physical MAC address.
  • Packets are sent directly to the slave unit using the HA virtual MAC address.
  • Packets arrive at both units simultaneously, but only the slave unit forwards the session.
  • Packets are first sent to the master unit, which then forwards the packets to the slave unit.

Frage 85

Frage
Which of the following statements correctly describes the use of the “diagnose sys ha reset-uptime” command?
Antworten
  • To force an HA failover when the HA override setting is disabled.
  • To force an HA failover when the HA override setting is enabled.
  • To clear the HA counters.
  • To restart a FortiGate unit that is part of an HA cluster.

Frage 86

Frage
Which of the following statements are correct regarding a master HA unit? (Choose two.)
Antworten
  • There should be only one master unit is each HA virtual cluster.
  • The master synchronizes cluster configuration with slaves.
  • Only the master has a reserved management HA interface.
  • Heartbeat interfaces are not required on a master unit.

Frage 87

Frage
Which of the following statements are correct concerning the FortiGate session life support protocol? (Choose two.)
Antworten
  • By default, UDP sessions are not synchronized.
  • Up to four FortiGate devices in standalone mode are supported.
  • Only the master unit handles the traffic.
  • Allows per-VDOM session synchronization.

Frage 88

Frage
What configuration objects are automatically added when using the FortiGate's FortiClient VPN Configuration Wizard? (Choose two.)
Antworten
  • Static route
  • Phase 1
  • User group
  • Phase 2

Frage 89

Frage
Which of the following statements are correct concerning IPsec dialup VPN configurations for FortiGate devices? (Choose two.)
Antworten
  • Main mode must be used when there is more than one IPsec dialup VPN configure on the same FortiGate device.
  • A FortiGate device with an IPsec VPN configured as dialup can initiate the tunnel connection to any remote IP address.
  • Peer ID must be used when there is more than one aggressive-mode IPsec dialup VPN on the same FortiGate device.
  • The FortiGate will automatically add a static route to the source quick mode selector address received from each remote peer.

Frage 90

Frage
Which statement is correct concerning an IPsec VPN with the remote gateway setting configured as 'Dynamic DNS'?
Antworten
  • The FortiGate will accept IPsec VPN connections from any IP address.
  • The FQDN resolution of the local FortiGate IP address where the VPN is terminated must be provided by a dynamic DNS provider.
  • The FortiGate will accept IPsec VPN connections only from IP addresses included in a dynamic DNS access list.
  • The remote gateway IP address can change dynamically.

Frage 91

Frage
The exhibit shows a part output of the diagnostic command 'diagnose debug application ike 255', taken during the establishment of a VPN. Which of the following statements are correct concerning this output? (Choose two.)
Antworten
  • The quick mode selectors negotiated between both IPsec VPN peers is 0.0.0.0/32 for both the source and destination addresses.
  • The output corresponds to a phase 2 negotiation.
  • NAT-T is enabled and there is a third device in the path performing NAT of the traffic between both IPsec VPN peers.
  • The IP address of the remote IPsec VPN peer is 172.20.187.114.

Frage 92

Frage
Which of the following combinations of two FortiGate device configurations (side A and side B), can be used to successfully establish an IPsec VPN between them? (Choose two.)
Antworten
  • Side A: main mode, remote gateway as static IP address, policy-based VPN. Side B: aggressive Mode, remote Gateway as static IP address, policy-based VPN.
  • Side A: main mode, remote gateway as static IP Address, policy-based VPN. Side B: main mode, remote gateway as static IP address, route-based VPN.
  • Side A: main mode, remote gateway as static IP address, route-based VPN. Side B: main mode, remote gateway as dialup, route-based VPN.
  • Side A: main mode, remote gateway as dialup, policy-based VPN. Side B: main mode, remote gateway as dialup, policy-based VPN.

Frage 93

Frage
Which of the following statements are correct concerning the IPsec phase 1 and phase 2, shown in the exhibit? (Choose two.)
Antworten
  • The quick mode selector in the remote site must also be 0.0.0.0/0 for the source and destination addresses.
  • Only remote peers with the peer ID 'fortinet' will be able to establish a VPN.
  • The FortiGate device will automatically add a static route to the source quick mode selector address received from each remote VPN peer.
  • The configuration will work only to establish FortiClient-to-FortiGate tunnels. A FortiGate-to-FortiGate tunnel requires a different configuration.

Frage 94

Frage
What is required in a FortiGate configuration to have more than one dialup IPsec VPN using aggressive mode?
Antworten
  • All the aggressive mode dialup VPNs MUST accept connections from the same peer ID.
  • Each peer ID MUST match the FQDN of each remote peer.
  • Each aggressive mode dialup MUST accept connections from different peer ID.
  • The peer ID setting must NOT be used.

Frage 95

Frage
Which of the following protocols are defined in the IPsec Standard? (Choose two.)
Antworten
  • AH
  • GRE
  • SSL/TLS
  • ESP

Frage 96

Frage
Which of the following statements are correct concerning IKE mode config? (Choose two.)
Antworten
  • It can dynamically assign IP addresses to IPsec VPN clients.
  • It can dynamically assign DNS settings to IPsec VPN clients.
  • It uses the ESP protocol.
  • It can be enabled in the phase 2 configuration.

Frage 97

Frage
You have configured the DHCP server on a FortiGate's port1 interface (or internal, depending on the model) to offer IPs in a range of 192.168.1.65-192.168.1.253. When the first host sends a DHCP request, what IP will the DHCP offer?
Antworten
  • 192.168.1.99
  • 192.168.1.253
  • 192.168.1.65
  • 192.168.1.66

Frage 98

Frage
Which is not a FortiGate feature?
Antworten
  • Database auditing
  • Intrusion prevention
  • Web filtering
  • Application control

Frage 99

Frage
Which UTM feature sends a UDP query to FortiGuard servers each time FortiGate scans a packet (unless the response is locally cached)?
Antworten
  • Antivirus
  • VPN
  • IPS
  • Web Filtering

Frage 100

Frage
You have created a new administrator account, and assign it the prof_admin profile. Which is false about that account's permissions?
Antworten
  • It cannot upgrade or downgrade firmware.
  • It can create and assign administrator accounts to parts of its own VDOM.
  • It can reset forgotten passwords for other administrator accounts such as "admin".
  • It has a smaller permissions scope than accounts with the "super_admin" profile.

Frage 101

Frage
When an administrator attempts to manage FortiGate from an IP address that is not a trusted host, what happens?
Antworten
  • FortiGate will still subject that person's traffic to firewall policies; it will not bypass them.
  • FortiGate will drop the packets and not respond.
  • FortiGate responds with a block message, indicating that it will not allow that person to log in.
  • FortiGate responds only if the administrator uses a secure protocol. Otherwise, it does not respond.

Frage 102

Frage
Acme Web Hosting is replacing one of their firewalls with a FortiGate. It must be able to apply port forwarding to their back-end web servers while blocking virus uploads and TCP SYN floods from attackers. Which operation mode is the best choice for these requirements?
Antworten
  • NAT/route
  • NAT mode with an interface in one-arm sniffer mode
  • Transparent mode
  • No appropriate operation mode exists

Frage 103

Frage
if you have lost your password for the "admin" account on your FortiGate, how should you reset it?
Antworten
  • Log in with another administrator account that has "super_admin" profile permissions, then reset the password for the "admin" account.
  • Reboot the FortiGate. Via the local console, during the boot loader, use the menu to format the flash disk and reinstall the firmware. Then you can log in with the default password.
  • Power off the FortiGate. After several seconds, restart it. Via the local console, within 30 seconds after booting has completed, log in as "maintainer" and enter the CLI commands to set the password for the "admin" account.
  • Reboot the FortiGate. Via the local console, during the boot loader, use the menu to log in as "maintainer" and enter the CLI commands to set the password for the "admin" account.

Frage 104

Frage
A backup file begins with this line: #config-version=FGVM64-5.02-FW-build589-140613:opmode=0:vdom=0:user=admin #conf_file_ver=3881503152630288414 #buildno=0589 #global_vdom=1 Can you restore it to a FortiWiFi 60D?
Antworten
  • Yes
  • Yes, but only if you replace the "#conf_file_ver" line so that it contains the serial number of that specific FortiWiFi 60D.
  • Yes, but only if it is running the same version of FortiOS, or a newer compatible version.
  • No

Frage 105

Frage
Which protocols can you use for secure administrative access to a FortiGate? (Choose two)
Antworten
  • SSH
  • Telnet
  • NTLM
  • HTTPS

Frage 106

Frage
A new version of FortiOS firmware has just been released. When you upload new firmware, which is true?
Antworten
  • If you upload the firmware image via the boot loader's menu from a TFTP server, it will not preserve the configuration. But if you upload new firmware via the GUI or CLI, as long as you are following a supported upgrade path, FortiOS will attempt to convert the existing configuration to be valid with any new or changed syntax.
  • No settings are preserved. You must completely reconfigure.
  • No settings are preserved. After the upgrade, you must upload a configuration backup file. FortiOS will ignore any commands that are not valid in the new OS. In those cases, you must reconfigure settings that are not compatible with the new firmware.
  • You must use FortiConverter to convert a backup configuration file into the syntax required by the new FortiOS, then upload it to FortiGate.

Frage 107

Frage
In a Crash log, what does a status of 0 indicate?
Antworten
  • Abnormal termination of a process
  • A process closed for any reason
  • Normal shutdown with no abnormalities
  • DHCP process crashed

Frage 108

Frage
Which of the following are considered log types? (Choose three.)
Antworten
  • Forward log
  • Traffic log
  • Syslog
  • Event log
  • Security log

Frage 109

Frage
What determines whether a log message is generated or not?
Antworten
  • Firewall policy setting
  • Log Settings in the GUI
  • 'config log' command in the CLI
  • Syslog
  • Webtrends

Frage 110

Frage
Where are most of the security events logged?
Antworten
  • Security log
  • Forward Traffic log
  • Event log
  • Alert log
  • Alert Monitoring Console

Frage 111

Frage
What are the ways FortiGate can monitor logs? (Choose three.)
Antworten
  • MIB
  • SMS
  • Alert Emails
  • SNMP
  • FortiAnalyzer
  • Alert Message Console

Frage 112

Frage
What attributes are always included in a log header? (Choose three.)
Antworten
  • policyid
  • level
  • user
  • time
  • subtype
  • duration

Frage 113

Frage
Examine this log entry. What does the log indicate? (Choose three.) date=2013-12-04 time=09:30:18 logid=0100032001 type=event subtype=system level=information vd="root" user="admin" ui=http(192.168.1.112) action=login status=success reason=none profile="super_admin" msg="Administrator admin logged in successfully from http(192.168.1.112)"
Antworten
  • In the GUI, the log entry was located under “Log & Report > Event Log > User”.
  • In the GUI, the log entry was located under “Log & Report > Event Log > System”.
  • In the GUI, the log entry was located under “Log & Report > Traffic Log > Local Traffic”.
  • The connection was encrypted
  • The connection was unencrypted.
  • The IP of the FortiGate interface that “admin” connected to was 192.168.1.112.
  • The IP of the computer that “admin” connected from was 192.168.1.112.

Frage 114

Frage
To which remote device can the FortiGate send logs? (Choose three.)
Antworten
  • Syslog
  • FortiAnalyzer
  • Hard drive
  • Memory
  • FortiCloud

Frage 115

Frage
What log type would indicate whether a VPN is going up or down?
Antworten
  • Event log
  • Security log
  • Forward log
  • Syslog

Frage 116

Frage
There are eight (8) log severity levels that indicate the importance of an event. Not including Debug, which is only needed to log diagnostic data, what are both the lowest AND highest severity levels?
Antworten
  • Notification, Emergency
  • Information, Critical
  • Error, Critical
  • Information, Emergency
  • Information, Alert
Zusammenfassung anzeigen Zusammenfassung ausblenden

ähnlicher Inhalt

Segundo examen de WORD
jundraker
Prueba de mapas
LiliaRojas
Prueba
jjnavares
TEST
zidanejk
Marcas de Celulares más Reconocidas
Didier Cairasco
La cédula
José Marcilla
mapa de prueba angel
angeljv0826
mapa mental de prueba
joseangelvalenzu
Dirección Nacional de gestión de compras, inventarios y garantías
comprasnacionales
Prueba encuesta
Marco Ruiz6660