لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below. An administrator has configured the WINDOS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic. What is a possible reason for this?
A. The IPS filter is missing the Protocol: HTTPS option
B. The HTTPS signatures have not been added to the sensor
C. A DoS policy should be used, instead of an IPS sensor
D. A DoS policy should be used, instead of an IPS sensor
E. The firewall policy is not using a full SSL inspection profile
عرض الإجابة
اجابة صحيحة: A
السؤال #2
What is required to create an inter-VDOM link between two VDOMs?
A. At least one of the VDOMs must operate in NAT mode
B. Both VDOMs must operate in NAT mode
C. The inspection mode of at least one VDOM must be NGFW policy-based
D. The inspection mode of both VDOMs must match
عرض الإجابة
اجابة صحيحة: A
السؤال #3
Which statement about the IP authentication header (AH) used by IPsec is true?
A. AH does not support perfect forward secrecy
B. AH provides strong data integrity but weak encryption
C. AH provides data integrity but no encryption
D. AH does not provide any data integrity or encryption
عرض الإجابة
اجابة صحيحة: C
السؤال #4
You have tasked to design a new IPsec deployment with the following criteria: There are two HQ sues that all satellite offices must connect to The satellite offices do not need to communicate directly with other satellite offices No dynamic routing will be used The design should minimize the number of tunnels being configured. Which topology should be used to satisfy all of the requirements?
A. Partial mesh
B. Hub-and-spoke
C. Fully meshed
D. Redundant
عرض الإجابة
اجابة صحيحة: A
السؤال #5
What three FortiGate components are tested during the hardware test? (Choose three.)
A. CPU
B. Administrative access
C. HA heartbeat
D. Hard disk
E. Network interfaces
عرض الإجابة
اجابة صحيحة: ADE
السؤال #6
Examine this PAC file configuration. Which of the following statements are true? (Choose two.)
A. Browsers can be configured to retrieve this PAC file from the FortiGate
B. Any web request to the 172
C. All requests not made to Fortinet
D. Any web request fortinet
عرض الإجابة
اجابة صحيحة: CD
السؤال #7
Which two statements correctly describe auto discovery VPN (ADVPN)? (Choose two.)
A. IPSec tunnels are negotiated dynamically between spokes
B. ADVPN is supported only with IKEv2
C. It recommends the use of dynamic routing protocols, so that spokes can learn the routes to other spokes
D. Every spoke requires a static tunnel to be configured to other spokes, so that phase 1 and phase 2 proposals are defined in advance
عرض الإجابة
اجابة صحيحة: AC
السؤال #8
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
A. Traffic to botnetservers
B. Traffic to inappropriate web sites
C. Server information disclosure attacks
D. Credit card data leaks
E. SQL injection attacks
عرض الإجابة
اجابة صحيحة: A
السؤال #9
An administrator has configured the following settings: What does the configuration do? (Choose two.)
A. Reduces the amount of logs generated by denied traffic
B. Enforces device detection on all interfaces for 30 minutes
C. Blocks denied users for 30 minutes
D. Creates a session for traffic being denied
عرض الإجابة
اجابة صحيحة: D
السؤال #10
Which two static routes are not maintained in the routing table? (Choose two.)
A. Dynamic routes
B. Policy routes
C. Named Address routes
D. ISDB routes
عرض الإجابة
اجابة صحيحة: CD
السؤال #11
Examine the exhibit, which shows the partial output of an IKE real-time debug. Which of the following statement about the output is true?
A. The VPN is configured to use pre-shared key authentication
B. Extended authentication (XAuth) was successful
C. Remote is the host name of the remote IPsec peer
D. Phase 1 went down
عرض الإجابة
اجابة صحيحة: D
السؤال #12
Which condition must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
A. The private key of the CA certificate that is signed the browser certificate must be installed on the browser
B. The CA certificate that signed the web server certificate must be installed on the browser
C. The public key of the web server certificate must be installed on the web browser
D. The web-server certificate must be installed on the browser
عرض الإجابة
اجابة صحيحة: B
السؤال #13
Which two statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
A. The firmware image must be uploaded manually to each FortiGate
B. Uninterruptable upgrade is enabled by default
C. Traffic load balancing is temporarily disabled while the firmware is upgraded
D. Only secondary FortiGate devices are rebooted
عرض الإجابة
اجابة صحيحة: BC
السؤال #14
NGFW mode allows policy-based configuration for most inspection rules. Which security profile configuration does not change when you enable policy-based inspection?
A. Application control
B. Web filtering
C. Web proxy
D. Antivirus
عرض الإجابة
اجابة صحيحة: D
السؤال #15
Which two statements about central NAT are true? (Choose two.)
A. SNAT using central NAT does not require a central SNAT policy
B. Central NAT can be enabled or disabled from the CLI only
C. IP pool references must be removed from existing firewall policies, before enabling central NAT
D. DNAT using central NAT requires a VIP object as the destination address in a firewall policy
عرض الإجابة
اجابة صحيحة: BC
السؤال #16
In an HA cluster operating in active-active mode, which path is taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?
A. Client > secondary FortiGate > primary FortiGate > web server
B. Client > primary FortiGate > secondary FortiGate > primary FortiGate > web server
C. Client > primary FortiGate > secondary FortiGate > web server
D. Client > secondary FortiGate > web server
عرض الإجابة
اجابة صحيحة: C
السؤال #17
Which is the correct description of a hash result as it relates to digital certificates?
A. A unique value used to verify the input data
B. An output value that is used to identify the person or deduce that authored the input data
C. An obfuscation used to mask the input data
D. An encrypted output value used to safe-guard the input data
عرض الإجابة
اجابة صحيحة: B
السؤال #18
The exhibit shows a FortiGate configuration. How does FortiGate handle web proxy traffic coming from the IP address 10.2.1.200, that requires authorization?
A. It always authorizes the traffic without requiring authentication
B. It drops the traffic
C. It authenticates the traffic using the authentication scheme SCHEME2
D. It authenticates the traffic using the authentication scheme SCHEME1
عرض الإجابة
اجابة صحيحة: D
السؤال #19
An administrator needs to create an SSL-VPN connection for accessing an internal server using the bookmark, Port Forward. Which step must the administrator take to successfully achieve this configuration?
A. Configure an SSL VPN realm for clients to use the Port Forward bookmark
B. Configure the client application to forward IP traffic through FortiClient
C. Configure the virtual IP address to be assigned to the SSL VPN users
D. Configure the client application to forward IP traffic to a Java applet proxy
عرض الإجابة
اجابة صحيحة: D
السؤال #20
A user located behind the FortiGate device is trying to go to http://www.addictinggames.com (Addicting.Games). The exhibit shows the application detains and application control profile. Based on this configuration, which statement is true?
A. Addicting
B. Addicting
C. Addicting
D. Addicting
عرض الإجابة
اجابة صحيحة: D
السؤال #21
What FortiGate configuration is required to actively prompt users for credentials?
A. You must enable one or more protocols that support active authentication on a firewall policy
B. You must position the firewall policy for active authentication before a firewall policy for passive authentication
C. You must assign users to a group for active authentication
D. You must enable the Authentication setting on the firewall policy
عرض الإجابة
اجابة صحيحة: A
السؤال #22
Examine the network diagram shown in the exhibit, then answer the following question: Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?
A. 172
B. 0
C. 10
D. 172
عرض الإجابة
اجابة صحيحة: C
السؤال #23
An administrator wants to configure a FortiGate as a DNS server. FotiGate must use a DNS database first, and then relay all irresolvable queries to an external DNS server. Which DNS method must you use?
A. Recursive
B. Non-recursive
C. Forward to primary and secondary DNS
D. Forward to system DNS
عرض الإجابة
اجابة صحيحة: A
السؤال #24
The exhibit shows the output from a debug flow. Which two statements about the output are correct? (Choose two.)
A. The packet was allowed by the firewall policy with the ID 00007fc0
B. The source IP address of the packet was translated to 10
C. FortiGate received a TCP SYN/ACK packet
D. FortiGate routed the packet through port3
عرض الإجابة
اجابة صحيحة: CD
السؤال #25
Consider a new IPsec deployment with the following criteria: All satellite offices must connect to the two HQ sites. The satellite offices do not need to communicate directly with other satellite offices. Backup VPN is not required. The design should minimize the number of tunnels being configured. Which topology should you use to satisfy all of the requirements?
A. Partial mesh
B. Redundant
C. Full mesh
D. Hub-and-spoke
عرض الإجابة
اجابة صحيحة: D
السؤال #26
Which two statements about NTLM authentication are correct? (Choose two.)
A. It requires DC agents on every domain controller when used in multidomain environments
B. It is useful when users log in to DCs that are not monitored by a collector agent
C. It requires NTLM-enabled web browsers
D. It takes over as the primary authentication method when configured alongside FSSO
عرض الإجابة
اجابة صحيحة: BC
السؤال #27
Examine the exhibit, which contains a session diagnostic output. Which of the following statements about the session diagnostic output is true?
A. The session is in ESTABLISHED state
B. The session is in LISTEN state
C. The session is in TIME_WAIT state
D. The session is in CLOSE_WAIT state
عرض الإجابة
اجابة صحيحة: C

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: