لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below. Which IP addresses are included in the output of this command?
A. Those whose traffic matches a DoS policy
B. Those whose traffic matches an IPS sensor
عرض الإجابة
اجابة صحيحة: C
السؤال #2
A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)
A. Firewall monitor
عرض الإجابة
اجابة صحيحة: D
السؤال #3
What events are recorded in the crashlogs of a FortiGate device? (Choose two.) A.A process crash.
B. Configuration changes
عرض الإجابة
اجابة صحيحة: B
السؤال #4
An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit’s session to indicate that it has been synchronized to the secondary unit? A.redir. B.dirty. C.synced D.nds.
An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit’s session to indicate that it has been synchronized to the secondary unit? A
عرض الإجابة
اجابة صحيحة: D
السؤال #5
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command. Based on the output, which two statements are correct? (Choose two.)
A. Phase 2 authentication is set to sha1 on both sides
B. Anti-replay is disabled
C. Hub2Spoke1 is a policy-based VPN
D. Hub2Spoke1 is configured on interface wan2
عرض الإجابة
اجابة صحيحة: AD
السؤال #6
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem? A.Group ID.
B. Group name
عرض الإجابة
اجابة صحيحة: D
السؤال #7
Refer to the exhibit, which contains a TCL script configuration on FortiManager. An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run. Why did the TCL script fail to make any changes to the managed device?
A. The TCL script must start with #include <>
B. The TCL command run_cmd has not been created
D. Incomplete commands are ignored in TCL scripts
عرض الإجابة
اجابة صحيحة: B
السؤال #8
An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.) A.Router ID.
B. OSPF interface area
E. Interface subnet mask
عرض الإجابة
اجابة صحيحة: A
السؤال #9
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this prob
B. TCP half close
عرض الإجابة
اجابة صحيحة: AD
السؤال #10
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below. Why didn’t the tunnel come up?
A. IKE mode configuration is not enabled in the remote IPsec gateway
B. The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration
عرض الإجابة
اجابة صحيحة: CD
السؤال #11
Examine the following partial output from a sniffer command; then answer the question below. What is the meaning of the packets dropped counter at the end of the sniffer?
A. Number of packets that didn’t match the sniffer filter
B. Number of total packets dropped by the FortiGate
عرض الإجابة
اجابة صحيحة: AC
السؤال #12
Refer to the exhibit, which contains the debug output of diagnose dvm device list. Which two statements about the output shown in the exhibit are correct? (Choose two.)
A. ADOMs are disabled on the FortiManager
B. The FortiGate configuration is in sync with latest running revision history
C. There are pending device-level changes yet to be installed on Local-FortiGate
D. The policy package has been modified for Local-FortiGate
عرض الإجابة
اجابة صحيحة: BC
السؤال #13
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?
A. FortiGate uses the CN information from the Subject field in the server certificate
B. FortiGate switches to the full SSL inspection method to decrypt the data
C. FortiGate uses the requested URL from the user’s web browser
D. FortiGate blocks the request without any further inspection
عرض الإجابة
اجابة صحيحة: A
السؤال #14
An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement about this setting is true?
A. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover
B. It sends a link failed signal to all connected devices
C. It disabled all the non-heartbeat interfaces in all HA members for two seconds after a failover
D. It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs
عرض الإجابة
اجابة صحيحة: B
السؤال #15
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.) A.BGP state of the peer 10.125.0.60 is Established. B.BGP peer 10.200.3.1 has never been down since the BGP counters were cleared. C.Local BGP peer has not received an OpenConfirm from 10.200.3.1. D.The local BGP peer has received a total of 3 BGP prefixes.
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two
عرض الإجابة
اجابة صحيحة: C
السؤال #16
Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; than answer the question below. Which statement is true regarding the session in the exhibit?
A. It was created by the FortiGate kernel to allow push updates from FotiGuard
B. It is for management traffic terminating at the FortiGate
عرض الإجابة
اجابة صحيحة: D
السؤال #17
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug: diagnose debug application ike-1 diagnose debug enable In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
A. Phase1; IKE mode configuration; XAuth; phase 2
B. Phase1; XAuth; IKE mode configuration; phase2
عرض الإجابة
اجابة صحيحة: B
السؤال #18
A FortiGate device has the following LDAP configuration: The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account: Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)
A. cnid
B. username
عرض الإجابة
اجابة صحيحة: C
السؤال #19
Refer to the exhibit, which shows a central management configuration. Which server will FortiGate choose for antivirus and IPS updates, if 10.0.1.243 is experiencing an outage?
A. 10
B. Public FortiGuard servers
C. 10
عرض الإجابة
اجابة صحيحة: AB
السؤال #20
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing: What should the administrator check to fix the problem?
A. The connectivity between the FortiGate unit and the DNS server
B. The connectivity between the client workstations and the DNS server
عرض الإجابة
اجابة صحيحة: AC
السؤال #21
Examine the output of the ‘get router info ospf neighbor’ command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.) Refer to the exhibit, which shows the output of a debug command. Which statement about the output is true?
A. TheOSPF routers with the IDs 0
B. The OSPF router with the ID 0
عرض الإجابة
اجابة صحيحة: B
السؤال #22
A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the ‘diagnose debug authd fsso list’ command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)
A. The user student must not be listed in the CA’s ignore user list
B. The user student must belong to one or more of the monitored user groups
عرض الإجابة
اجابة صحيحة: B
السؤال #23
When does a RADIUS server send an Access-Challenge packet?
A. The server does not have the user credentials yet
B. The server requires more information from the user, such as the token code for two-factor authentication
عرض الإجابة
اجابة صحيحة: BDE
السؤال #24
A FortiGate has two default routes: All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user: What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?
A. The session would be deleted, and the client would need to start a new session
B. The session would remain in the session table, and its traffic would start to egress from port2
عرض الإجابة
اجابة صحيحة: A
السؤال #25
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
A. Installing configuration changes to managed devices
B. Importing interface mappings from managed devices
C. Adding devices to FortiManager
D. Previewing pending configuration changes for managed devices
عرض الإجابة
اجابة صحيحة: AD
السؤال #26
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)
A. SIP session helper runs in the kernel; SIP ALG runs as a user space process
B. SIP ALG supports SIP HA failover; SIP helper does not
عرض الإجابة
اجابة صحيحة: BCD
السؤال #27
Examine the partial output from two web filter debug commands; then answer the question below: Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?
A. Finance and banking
B. General organization
عرض الإجابة
اجابة صحيحة: BC
السؤال #28
View the central management configuration shown in the exhibit, and then answer the question below. Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?
A. 10
B. One of the public FortiGuard distribution servers C
عرض الإجابة
اجابة صحيحة: A
السؤال #29
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below. Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?
A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet
B. The TCP session for the BGP connection to 10
عرض الإجابة
اجابة صحيحة: AD
السؤال #30
Examine the IPsec configuration shown in the exhibit; then answer the question below. An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands: diagnose vpn ike log-filter src-addr4 10.0.10.1 diagnose debug application ike -1 diagnose debug enable The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn’t there any output?
A. The IKE real time shows the phases 1 and 2 negotiations only
B. The log-filter setting is set incorrectly
عرض الإجابة
اجابة صحيحة: B
السؤال #31
Refer to the exhibit, which shows a FortiGate configuration. An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy. What must the administrator change to fix the issue?
A. The administrator must increase webfilter-timeout
B. The administrator must disable webfilter-force-off
C. The administrator must change protocol to TCP
D. The administrator must enable fortiguard-anycast
عرض الإجابة
اجابة صحيحة: D
السؤال #32
Refer to the exhibit, which shows the output of a debug command. Which two statements about the output are true? (Choose two.)
A. The local FortiGate OSPF router ID is 0
B. Port4 is connected to the OSPF backbone area
C. In the network connected to port4, two OSPF routers are down
D. The local FortiGate is the backup designated router
عرض الإجابة
اجابة صحيحة: AB
السؤال #33
Examine the following partial outputs from two routing debug commands; then answer the question below: Why the default route using port2 is not displayed in the output of the second command?
A. It has a lower priority than the default route using port1
B. It has a higher priority than the default route using port1
عرض الإجابة
اجابة صحيحة: C
السؤال #34
Refer to the exhibit, which contains the partial output of a diagnose command. Based on the output, which two statements are correct? (Choose two.)
A. Anti-replay is enabled
B. The remote gateway IP is 10
C. DPD is disabled
D. Quick mode selectors are disabled
عرض الإجابة
اجابة صحيحة: AB
السؤال #35
Refer to the exhibit, which shows the output of a diagnose command. Which two statements about the output in the exhibit are true? (Choose two.)
A. FortiGate will probe 121
B. Servers with a negative TZ value are experiencing a service outage
D. FortiGate used 209
عرض الإجابة
اجابة صحيحة: CD
السؤال #36
An administrator is running the following sniffer in a FortiGate: diagnose sniffer packet any “host 10.0.2.10” 2 What information is included in the output of the sniffer? (Choose two.)
A. Ethernet headers
B. IP payload
عرض الإجابة
اجابة صحيحة: A
السؤال #37
Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below. Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?
A. diagnose sniffer packet any ‘port 500’
B. diagnose sniffer packet any ‘esp’ C
عرض الإجابة
اجابة صحيحة: B
السؤال #38
Refer to the exhibit, which contains partial output from an IKE real-time debug. Which two statements about this debug output are correct? (Choose two.)
A. The remote gateway IP address is 10
B. The initiator provided remote as its IPsec peer ID
C. It shows a phase 1 negotiation
D. The negotiation is using AES128 encryption with CBC hash
عرض الإجابة
اجابة صحيحة: BC
السؤال #39
Refer to the exhibit, which shows the output of a BGP debug command. Which statement about the exhibit is true?
A. The local router has not established a TCP session with 100
B. The local router BGP state is OpenConfirm with the 10
C. Since the counters were last reset, the 100
D. The local router has received a total of three BGP prefixes from all peers
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.