لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
- (Exam Topic 2) Which two statements are true about collector agent advanced mode? (Choose two.)
A. Advanced mode uses Windows convention—NetBios: Domain\Username
B. FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate
C. Advanced mode supports nested or inherited groups
D. Security profiles can be applied only to user groups, not individual users
عرض الإجابة
اجابة صحيحة: B
السؤال #2
- (Exam Topic 2) Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
A. By default, FortiGate uses WINS servers to resolve names
B. By default, the SSL VPN portal requires the installation of a client’s certificate
C. By default, split tunneling is enabled
D. By default, the admin GUI and SSL VPN portal use the same HTTPS port
عرض الإجابة
اجابة صحيحة: B
السؤال #3
- (Exam Topic 2) Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?
A. Denial of Service
B. Web application firewall
C. Antivirus
D. Application control
عرض الإجابة
اجابة صحيحة: B
السؤال #4
- (Exam Topic 2) Which of the following SD-WAN load –balancing method use interface weight value to distribute traffic? (Choose two.)
A. Source IP
B. Spillover
C. Volume
D. Session
عرض الإجابة
اجابة صحيحة: AC
السؤال #5
- (Exam Topic 1) Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
A. FortiGuard web filter cache
B. FortiGate hostname
C. NTP
D. DNS
عرض الإجابة
اجابة صحيحة: BD
السؤال #6
- (Exam Topic 1) By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?
A. set fortiguard-anycast disable
B. set webfilter-force-off disable
C. set webfilter-cache disable
D. set protocol tcp
عرض الإجابة
اجابة صحيحة: B
السؤال #7
- (Exam Topic 2) Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)
A. DNS
B. ping
C. udp-echo
D. TWAMP
عرض الإجابة
اجابة صحيحة: C
السؤال #8
- (Exam Topic 2) Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
A. Subject Key Identifier value
B. SMMIE Capabilities value
C. Subject value
D. Subject Alternative Name value
عرض الإجابة
اجابة صحيحة: A
السؤال #9
- (Exam Topic 2) Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
A. The firmware image must be manually uploaded to each FortiGate
B. Only secondary FortiGate devices are rebooted
C. Uninterruptable upgrade is enabled by default
D. Traffic load balancing is temporally disabled while upgrading the firmware
عرض الإجابة
اجابة صحيحة: CD
السؤال #10
- (Exam Topic 2) A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface. Which statements about the VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
A. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets
B. The two VLAN sub interfaces must have different VLAN IDs
C. The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs
D. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet
عرض الإجابة
اجابة صحيحة: D
السؤال #11
- (Exam Topic 1) A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
A. On HQ-FortiGate, enable Auto-negotiate
B. On Remote-FortiGate, set Seconds to 43200
C. On HQ-FortiGate, enable Diffie-Hellman Group 2
D. On HQ-FortiGate, set Encryption to AES256
عرض الإجابة
اجابة صحيحة: D
السؤال #12
- (Exam Topic 2) Which three statements about security associations (SA) in IPsec are correct? (Choose three.)
A. Phase 2 SAs are used for encrypting and decrypting the data exchanged through the tunnel
B. An SA never expires
C. A phase 1 SA is bidirectional, while a phase 2 SA is directional
D. Phase 2 SA expiration can be time-based, volume-based, or both
E. Both the phase 1 SA and phase 2 SA are bidirectional
عرض الإجابة
اجابة صحيحة: AD
السؤال #13
- (Exam Topic 2) A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match. Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)
A. On HQ-FortiGate, set IKE mode to Main (ID protection)
B. On both FortiGate devices, set Dead Peer Detection to On Demand
C. On HQ-FortiGate, disable Diffie-Helman group 2
D. On Remote-FortiGate, set port2 as Interface
عرض الإجابة
اجابة صحيحة: B
السؤال #14
- (Exam Topic 2) Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)
A. This is known as many-to-one NAT
B. Source IP is translated to the outgoing interface IP
C. Connections are tracked using source port and source MAC address
D. Port address translation is not used
عرض الإجابة
اجابة صحيحة: ACD

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: