لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
A. To allow for out-of-order packets that could arrive after the FIN/ACK packets
B. To finish any inspection operations C
عرض الإجابة
اجابة صحيحة: D
السؤال #2
Examine the network diagram and the existing FGTI routing table shown in the exhibit, and then answer the following question: An administrator has added the following static route on FGTI. Since the change, the new static route is not showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?
A. The new route's destination subnet overlaps an existing route
B. The new route's Distance value should be higher than 10
C. The Gateway IP address is not in the same subnet as port1
D. The Priority is 0, which means that this route will remain inactive
عرض الإجابة
اجابة صحيحة: A
السؤال #3
Which one of the following processes is involved in updating IPS from FortiGuard?
A. FortiGate IPS update requests are sent using UDP port 443
B. Protocol decoder update requests are sent to service
C. IPS signature update requests are sent to update
D. IPS engine updates can only be obtained using push updates
عرض الإجابة
اجابة صحيحة: CD
السؤال #4
Refer to the exhibits. Exhibit
A. Exhibit
B. An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric
A. Change the csf setting on Local-FortiGate (root) to sec configuration-sync local
B. Change the csf setting on ISFW (downstream) to sec configuracion-sync local
عرض الإجابة
اجابة صحيحة: CD
السؤال #5
You are configuring the root FortiGate to implement the security fabric. You are configuring port10 to communicate with a downstream FortiGate. View the default Edit Interface in the exhibit below: When configuring the root FortiGate to communicate with a downstream FortiGate, which settings are required to be configured? (Choose two.)
A. Device detection enabled
B. Administrative Access: FortiTelemetry
C. IP/Network Mask
D. Role: Security Fabric
عرض الإجابة
اجابة صحيحة: BC
السؤال #6
The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check. Which interface will be selected as an outgoing interface? A.port2 B.port4 C.port3 D.port1
عرض الإجابة
اجابة صحيحة: D
السؤال #7
The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)
A. FortiGate SN FGVM010000065036 HA uptime has been reset
B. FortiGate devices are not in sync because one device is down
عرض الإجابة
اجابة صحيحة: BC
السؤال #8
An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?
A. tcp_port_scan
B. ip_dst_session
C. udp_flood
D. ip_src_session
عرض الإجابة
اجابة صحيحة: D
السؤال #9
View the exhibit. Which users and user groups are allowed access to the network through captive portal?
A. Users and groups defined in the firewall policy
B. Only individual users - not groups - defined in the captive portal configuration
C. Groups defined in the captive portal configuration
D. All users
عرض الإجابة
اجابة صحيحة: BC
السؤال #10
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. * All traffic must be routed through the primary tunnel when both tunnels are up * The secondary tunnel must be used only if the primary tunnel goes down * In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)
A. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel
B. Enable Dead Peer Detection
عرض الإجابة
اجابة صحيحة: CD
السؤال #11
An administrator is configuring an IPsec VPN between site A and site
B. The Remote Gateway setting in both sites has been configured as Static IP Address
A. 192
B. 192
عرض الإجابة
اجابة صحيحة: BD
السؤال #12
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
A. Add the support of NTLM authentication
عرض الإجابة
اجابة صحيحة: D
السؤال #13
An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes what occurs during this scenario?
A. Phase 1 negotiations will skip preshared key exchange
B. Only digital certificates will be accepted as an authentication method in phase 1
C. Dialup clients must provide a username and password for authentication
D. Dialup clients must provide their local ID during phase 2 negotiations
عرض الإجابة
اجابة صحيحة: C
السؤال #14
The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode. The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem. With this configuration, which statement is true?
A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs
B. A static route is required on the To_Internet VDOM to allow LAN users to access the internet
عرض الإجابة
اجابة صحيحة: A
السؤال #15
NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?
A. Web filtering
B. Antivirus
C. Web proxy
D. Application control
عرض الإجابة
اجابة صحيحة: C
السؤال #16
Which statements about DNS filter profiles are true? (Choose two.)
A. They can inspect HTTP traffic
B. They can redirect blocked requests to a specific portal
C. They can block DNS requests to known botnet command and control servers
D. They must be applied in firewall policies with SSL inspection enabled
عرض الإجابة
اجابة صحيحة: CD
السؤال #17
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating for the home page? (Choose two.) A.www.example.com:443 B.www.example.com C.example.com D.www.example.com/index.html
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example
عرض الإجابة
اجابة صحيحة: BC
السؤال #18
An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.)
A. Interface name
B. Ethernet header C
E. Packet payload
عرض الإجابة
اجابة صحيحة: ACE
السؤال #19
Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)
A. Traffic between port2 and port2-vlan1 is allowed by default
B. port1-vlan10 and port2-vlan10 are part of the same broadcast domain
عرض الإجابة
اجابة صحيحة: D
السؤال #20
Which contains a session diagnostic output. Which statement is true about the session diagnostic output?
A. The session is in SYN_SENT state
B. The session is in FIN_ACK state
عرض الإجابة
اجابة صحيحة: B
السؤال #21
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B). Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?
A. The firewall policy performs the full content inspection on the file
B. The flow-based inspection is used, which resets the last packet to the user
عرض الإجابة
اجابة صحيحة: B
السؤال #22
How does FortiGate select the central SNAT policy that is applied to a TCP session?
A. It selects the SNAT policy specified in the configuration of the outgoing interface
B. It selects the first matching central SNAT policy, reviewing from top to bottom
C. It selects the central SNAT policy with the lowest priority
D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic
عرض الإجابة
اجابة صحيحة: C
السؤال #23
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
A. Policy lookup will be disabled
B. By Sequence view will be disabled
عرض الإجابة
اجابة صحيحة: C
السؤال #24
View the exhibit. Why is the administrator getting the error shown in the exhibit?
A. The administrator must first enter the command edit global
B. The administrator admin does not have the privileges required to configure global settings
C. The global settings cannot be configured from the root VDOM context
D. The command config system global does not exist in FortiGate
عرض الإجابة
اجابة صحيحة: AB
السؤال #25
Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)
A. The root VDOM is the management VDOM by default
B. A FortiGate device has 64 VDOMs, created by default
C. Each VDOM maintains its own system time
D. Each VDOM maintains its own routing table
عرض الإجابة
اجابة صحيحة: AD
السؤال #26
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
A. FortiGate uses the AD server as the collector agent
B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs
عرض الإجابة
اجابة صحيحة: BD
السؤال #27
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
A. Antivirus engine
B. Intrusion prevention system engine C
عرض الإجابة
اجابة صحيحة: A
السؤال #28
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
A. FortiCache B
E. FortiCloud
عرض الإجابة
اجابة صحيحة: BCE
السؤال #29
An administrator has configured two VLAN interfaces: A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?
A. Both interfaces must belong to the same forward domain
B. The role of the VLAN10 interface must be set to server
C. Both interfaces must have the same VLAN ID
D. Both interfaces must be in different VDOMs
عرض الإجابة
اجابة صحيحة: A
السؤال #30
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
A. The collector agent uses a Windows API to query DCs for user logins
B. NetAPI polling can increase bandwidth usage in large networks
عرض الإجابة
اجابة صحيحة: D
السؤال #31
Which of the following statements about converse mode are true? (Choose two.)
A. FortiGate stops sending files to FortiSandbox for inspection
B. FortiGate stops doing RPF checks over incoming packets
C. Administrators cannot change the configuration
D. Administrators can access the FortiGate only through the console port
عرض الإجابة
اجابة صحيحة: BC
السؤال #32
Which contains a session list output. Based on the information shown in the exhibit, which statement is true?
A. Destination NAT is disabled in the firewall policy
B. One-to-one NAT IP pool is used in the firewall policy
عرض الإجابة
اجابة صحيحة: A
السؤال #33
Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)
A. Administrators can access FortiGate only through the console port
B. FortiGate has entered conserve mode
عرض الإجابة
اجابة صحيحة: AD
السؤال #34
Refer to the exhibits. The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?
A. Change the SSL VPN port on the client
B. Change the Server IP address
عرض الإجابة
اجابة صحيحة: C

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: