لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
An administrator has configured the following settings: config system settings set ses-denied-traffic enable end config system global set block-session-timer 30 end What are the two results of this configuration? (Choose two.)
A. Device detection on all interfaces is enforced for 30 minutes
B. Denied users are blocked for 30 minutes
C. The number of logs generated by denied traffic is reduced
D. A session for denied traffic is created
عرض الإجابة
اجابة صحيحة: BC
السؤال #2
Which statement is correct regarding the use of application control for inspecting web applications?
A. Application control can identify child and parent applications, and perform different actions on them
B. Application control signatures are organized in a nonhierarchical structure
C. Application control does not require SSL inspection to identify web applications
D. Application control does not display a replacement message for a blocked web application
عرض الإجابة
اجابة صحيحة: A
السؤال #3
Which timeout setting can be responsible for deleting SSL VPN associated sessions?
A. SSL VPN idle-timeout
B. SSL VPN http-request-body-timeout
C. SSL VPN login-timeout
D. SSL VPN dtls-hello-timeout
عرض الإجابة
اجابة صحيحة: D
السؤال #4
When configuring a firewall virtual wire pair policy, which following statement is true?
A. Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same
B. Only a single virtual wire pair can be included in each policy
C. Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings
D. Exactly two virtual wire pairs need to be included in each policy
عرض الإجابة
اجابة صحيحة: A
السؤال #5
Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)
A. Web filter in flow-based inspection
B. Antivirus in flow-based inspection
C. DNS filter
D. Web application firewall
E. Application control
عرض الإجابة
اجابة صحيحة: A
السؤال #6
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
A. Subject Key Identifier value
B. SMMIE Capabilities value
C. Subject value
D. Subject Alternative Name value
عرض الإجابة
اجابة صحيحة: BC
السؤال #7
An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)
A. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy
B. Create a new service object for HTTP service and set the session TTL to never
C. Set the TTL value to never under config system-ttl
D. Set the session TTL on the HTTP policy to maximum
عرض الإجابة
اجابة صحيحة: D
السؤال #8
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)
A. The IP version of the sources and destinations in a firewall policy must be different
B. The Incoming Interfac
C. Outgoing Interfac
D. Schedule, and Service fields can be shared with both IPv4 and IPv6
E. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations
F. The IP version of the sources and destinations in a policy must match
عرض الإجابة
اجابة صحيحة: CD
السؤال #9
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
A. Policy lookup will be disabled
B. By Sequence view will be disabled
C. Search option will be disabled
D. Interface Pair view will be disabled
عرض الإجابة
اجابة صحيحة: D
السؤال #10
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
A. It uses UDP 8888
B. It uses UDP 53
C. It uses DNS over HTTPS
D. It uses DNS overTLS
عرض الإجابة
اجابة صحيحة: D
السؤال #11
Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)
A. There are five devices that are part of the security fabric
B. Device detection is disabled on all FortiGate devices
C. This security fabric topology is a logical topology view
D. There are 19 security recommendations for the security fabric
عرض الإجابة
اجابة صحيحة: AD
السؤال #12
The exhibit contains a network diagram, central SNAT policy, and IP pool configuration. The WAN (port1) interface has the IP address 10.200. 1. 1/24. The LAN (port3) interface has the IP address 10.0. 1.254/24. A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1). Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied. Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0. 1. 10) pings the IP addres
A. 10
B. 10
C. 10
D. 10
عرض الإجابة
اجابة صحيحة: AC
السؤال #13
Refer to the exhibits. Exhibit
A. Exhibit
B. An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric
A. Change the csf setting on Local-FortiGate (root) to set configuration-sync local
B. Change the csf setting on ISFW (downstream) to set configuration-sync local
C. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default
D. Change the csf setting on ISFW (downstream) to set fabric-object-unification default
عرض الإجابة
اجابة صحيحة: D
السؤال #14
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover. Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)
A. Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel
B. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel
C. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels
D. Enable Dead Peer Detection
عرض الإجابة
اجابة صحيحة: A
السؤال #15
In an explicit proxy setup, where is the authentication method and database configured?
A. Proxy Policy
B. Authentication Rule
C. Firewall Policy
D. Authentication scheme
عرض الإجابة
اجابة صحيحة: B
السؤال #16
Which contains a session diagnostic output. Which statement is true about the session diagnostic output?
A. The session is in SYN_SENT state
B. The session is in FIN_ACK state
C. The session is in FTN_WAIT state
D. The session is in ESTABLISHED state
عرض الإجابة
اجابة صحيحة: BD
السؤال #17
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?
A. Configure Source IP Pools
B. Configure split tunneling in tunnel mode
C. Configure different SSL VPN realms
D. Configure host check
عرض الإجابة
اجابة صحيحة: CD
السؤال #18
Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)
A. The client FortiGate requires a manually added route to remote subnets
B. The client FortiGate requires a client certificate signed by the CA on the server FortiGate
C. The server FortiGate requires a CA certificate to verify the client FortiGate certificate
D. The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN
عرض الإجابة
اجابة صحيحة: AD

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: