- (Exam Topic 2) Which two statements are true about collector agent advanced mode? (Choose two.)

- (Exam Topic 2) Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

- (Exam Topic 2) Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

- (Exam Topic 2) Which of the following SD-WAN load –balancing method use interface weight value to distribute traffic? (Choose two.)

- (Exam Topic 1) Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

- (Exam Topic 1) By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

- (Exam Topic 2) Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

- (Exam Topic 2) Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

- (Exam Topic 2) Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

- (Exam Topic 2) A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface. Which statements about the VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

- (Exam Topic 1) A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

- (Exam Topic 2) Which three statements about security associations (SA) in IPsec are correct? (Choose three.)

- (Exam Topic 2) A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match. Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

- (Exam Topic 2) Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)