What statement is true regarding the Policy Lookup feature?
Searches matching policy based on input criteria
Allows traffic to pass through FortiGate based on input criteria, even when there is no firewall policy allowing it
Enables extended logging on the firewall policy based on input criteria
Creates packet capture in Wireshark format based on input criteria
Which FortiGate interface does source device type enable device detection on?
Both source interface and destination interface of the firewall policy
All interfaces of FortiGate
Destination interface of the firewall policy only
Source interface of the firewall policy only
Which statements are true regarding device identification? (Choose two.)
Agent-based (FortiCIient) devices use the HTTP user-agent header to identify devices.
Agentless devices are indexed by their MAC address.
Agent-based (FortiCIient) devices are tracked by their FortiCIient unique ID
Only agent—based device identification techniques are supported.
Which statements correctly define Policy ID and policy Sequence number for firewall policies? (Choose two.)
A policy sequence number defines the order in which rules are processed.
A policy ID number is required to modify a firewall policy from the CLI.
A policy ID number changes when policies are re-ordered.
A policy sequence number reflects the number of objects used in the firewall policy.
Which statements are true regarding incoming and outgoing interfaces in firewall policies? (Choose two.)
Multiple interfaces can be selected as incoming and outgoing interfaces.
An incoming interface is mandatory in a firewall policy, but an outgoing interface is optional.
Only the any interface can be chosen as an incoming interface.
A zone can be chosen as the outgoing interface.
Examine the CLI configuration. What does this configuration do? (Choose two.) config system setting set ses—denied—traffic enable end
It creates a session for traffic being denied.
It sends an alert notification to the administrator upon detecting denied traffic.
It reduces the amount of logs generated by denied traffic.
A log message will only generate if there is a security event.
What criteria does FortiGate use to match traffic to a firewall policy? (Choose two.)
Source and destination interfaces
Logging settings
Security profiles
Network services
Which statements are true regarding the By Sequence View for firewall policies? (Choose two.)
Does not show the source interface column
ls still available even when the any interface is being used in one or more firewall policies
Lists firewall policies primarily by their policy sequence number
ls disabled if any firewall policy has its status set to disable
What must be selected in the Source field of a firewall policy?
At least one source user or user group object
At least one address object
At least one device object
At least one source user, one source device, and one source address object
What statement is true regarding the Service setting in a firewall policy?
It is optional to add a service in a firewall policy.
It matches the traffic by port number.
Only one service object can be added to the firewall policy.
Administrators cannot create custom services objects.
