لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?
A. ystem event logs
B. ecurity logs
C. orward traffic logs
D. ocal traffic logs
عرض الإجابة
اجابة صحيحة: D
السؤال #2
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.*All traffic must be routed through the primary tunnel when both tunnels are up*The secondary tunnel must be used only if the primary tunnel goes down*In addition, FortiGate should be able to detect a dead tunnel to speed up tunnelfailoverWhich two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two, )
A. t is an idle timeout
B. t is a hard timeout
C. t is an idle timeout
D. t is a hard timeout
عرض الإجابة
اجابة صحيحة: A
السؤال #3
Examine the following web filtering log.Which statement about the log message is true?
A. he action for the category Games is set to block
B. he usage quota for the IP address 10
C. he name of the applied web filter profile is default
D. he web site miniclip
عرض الإجابة
اجابة صحيحة: D
السؤال #4
Examine the routing database shown in the exhibit, and then answer the following question:
A. The port3 default route has the highest distance
B. The port3 default route has the lowest metric
C. There will be eight routes active in the routing table
D. The port1 and port2 default routes are active in the routing table
عرض الإجابة
اجابة صحيحة: AD
السؤال #5
What are two features of the NGFW policy-based mode? (Choose two.)
A. GFW policy-based mode does not require the use of central source NAT policy
B. GFW policy-based mode can only be applied globally and not on individual VDOMs_
C. GFW policy-based mode policies support only flow inspection
D. GFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
عرض الإجابة
اجابة صحيحة: CD
السؤال #6
What statement is true regarding the Service setting in a firewall policy? Response:
A. t is optional to add a service in a firewall policy
B. t matches the traffic by port number
C. nly one service object can be added to the firewall policy
D. dministrators cannot create custom services objects
عرض الإجابة
اجابة صحيحة: B
السؤال #7
Refer to the exhibits.The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook .Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts. Which part of the policy configuration must you change to resolve the issue?
A. ake SSL inspection needs to be a deep content inspection
B. orce access to Facebook using the HTTP service
C. et the additional application signatures are required to add to the security policy
D. dd Facebook in the URL category in the security policy
عرض الإجابة
اجابة صحيحة: A
السؤال #8
Examine this explicit web proxy configuration:What filter can be used u, the command diagnose sniffer packet to capture the traffic between the client and the explicit web pray?
A. host 10
B. host 192
C. host 192
D. host 10
عرض الإجابة
اجابة صحيحة: B
السؤال #9
An administrator is configuring an IPsec between site A and site B. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode selector for site B?
A. 92
B. 92
C. 92
D. 92
عرض الإجابة
اجابة صحيحة: A
السؤال #10
Refer to the exhibits.Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)
A. 92
B. 92
C. 92
D. 92
عرض الإجابة
اجابة صحيحة: CD
السؤال #11
View the exhibit.Which users and user groups are allowed access to the network through captive portal?
A. sers and groups defined in the firewall policy
B. nly individual users \xad not groups \xad defined in the captive portal configuration
C. roups defined in the captive portal configuration
D. ll users
عرض الإجابة
اجابة صحيحة: A
السؤال #12
What happens to traffic that is routed through an IPsec tunnel, but does not match any of the phase 2 quick mode selectors?
A. t crosses the tunnel, but is not inspected
B. t is dropped
C. t crosses the tunnel, but is not encrypted
D. t is routed using the next route in the routing table
عرض الإجابة
اجابة صحيحة: B
السؤال #13
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
A. uth-on-demand
B. oft-timeout
C. dle-timeout
D. ew-session
E. ard-timeout
عرض الإجابة
اجابة صحيحة: CD
السؤال #14
Which of the following statements about the FSSO collector agent timers is true?
A. he workstation verify interval is used to periodically check of a workstation is still a domain member
B. he IP address change verify interval monitors the server IP address where the collector agent is installed, and the updates the collector agent configuration if it changes
C. he user group cache expiry is used to age out the monitored groups
D. he dead entry timeout interval is used to age out entries with an unverified status
عرض الإجابة
اجابة صحيحة: D
السؤال #15
View the exhibit:The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:What should be done next to troubleshoot the problem?
A. un a sniffer in the web server
B. xecute another sniffer in the FortiGate, this time with the filter "host 10
C. apture the traffic using an external sniffer connected to port1
D. xecute a debug flow
عرض الإجابة
اجابة صحيحة: D
السؤال #16
Which statement about SSL VPN settings for an SSL VPN portal is true?
A. By default, DNS split tunneling is enabled
B. By default, the admin GUI and the SSL VPN portal use the same HTTPS port
C. By default, the SSL VPN portal requires the installation of a client"?s certificate
D. By default, FortiGate uses WINS servers to resolve names
عرض الإجابة
اجابة صحيحة: B
السؤال #17
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.-All traffic must be routed through the primary tunnel when both tunnels are up-The secondary tunnel must be used only if the primary tunnel goes down-In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failoverWhich two key configuration changes are needed in FortiGate to meet the design requirements? (Choose two.)
A. 92
B. 92
C. 92
D. 92
عرض الإجابة
اجابة صحيحة: BD
السؤال #18
Examine the exhibit, which contains a virtual IP and firewall policy configuration.
A. 10
B. Any available IP address in the WAN (port1) subnet 10
C. 10
D. 10
عرض الإجابة
اجابة صحيحة: C
السؤال #19
View the exhibit.Which of the following statements are correct? (Choose two.)
A. CRL
B. person
C. subordinate CA
D. root CA
عرض الإجابة
اجابة صحيحة: CD
السؤال #20
Which of the following features is supported by web filter in flow-based inspection mode with NGFW mode set to profile-based?
A. ortiGuard Quotas
B. tatic URL
C. earch engines
D. ating option
عرض الإجابة
اجابة صحيحة: B
السؤال #21
View the exhibit.Which of the following statements are correct? (Choose two.)
A. ddicting
B. ddicting
C. ddicting
D. ddicting
عرض الإجابة
اجابة صحيحة: CD
السؤال #22
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)
A. t always authorizes the traffic without requiring authentication
B. t drops the traffic
C. t authenticates the traffic using the authentication scheme SCHEME2
D. t authenticates the traffic using the authentication scheme SCHEME1
عرض الإجابة
اجابة صحيحة: BDE
السؤال #23
Examine this output from the diagnose sys top command:Which statements about the output are true?(Choose two.)
A. euristics -> grayware -> antivirus
B. ntivirus -> grayware -> heuristics
C. ntivirus -> heuristics -> grayware
D. rayware -> antivirus -> heuristics
عرض الإجابة
اجابة صحيحة: BC
السؤال #24
An administrator has configured the following settings:What are the two results of this configuration? (Choose two.)
A. et system performance status
B. et system status
C. et system arp
D. iagnose sys top
عرض الإجابة
اجابة صحيحة: AC
السؤال #25
An administrator is running the following sniffer command:diagnose sniffer packet any "host 10.0.2.10" 3Which three items will be included in the sniffer output? (Choose three.)
A. IP header
B. Interface name
C. Packet payload
D. Ethernet header
E. Application header
عرض الإجابة
اجابة صحيحة: ACD
السؤال #26
In firewall policy NAT, which of the following IP pool types can be used to explicitly associate an internal address range to an external address range for source NAT? Response:
A. ne-to-one
B. ixed port range
C. verload
D. ort block allocation
عرض الإجابة
اجابة صحيحة: B
السؤال #27
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
A. o remove the NAT operation
B. o generate logs
C. o finish any inspection operations
D. o allow for out-of-order packets that could arrive after the FIN/ACK packets
عرض الإجابة
اجابة صحيحة: CDE
السؤال #28
An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?
A. LAN interface
B. oftware Switch interface
C. ggregate interface
D. edundant interface
عرض الإجابة
اجابة صحيحة: C
السؤال #29
Which two statements are true about the Security Fabric rating? (Choose two.)
A. nterface Pair view will be disabled
B. earch option will be disabled
C. olicy lookup will be disabled
D. y Sequence view will be disabled
عرض الإجابة
اجابة صحيحة: BC
السؤال #30
Which two settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)
A. Enable Event Logging
B. Enable disk logging
C. Enable a web filter security profile on the Full Access firewall policy
D. Enable Log Allowed Traffic on the Full Access firewall policy
عرض الإجابة
اجابة صحيحة: CD
السؤال #31
A team manager has decided that while some members of the team need access to particular website, the majority of the team does not. Which configuration option is the most effective option to support this request?
A. Implement a web filter category override for the specified website
B. Implement web filter authentication for the specified website
C. Implement web filter quotas for the specified website
D. Implement DNS filter for the specified website
عرض الإجابة
اجابة صحيحة: A
السؤال #32
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
A. ialup User
B. tatic IP Address
C. re-shared Key
D. ynamic DNS
عرض الإجابة
اجابة صحيحة: C
السؤال #33
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)
A. execute ping
B. diagnose sys top
C. get system arp
D. execute traceroute
E. diagnose sniffer packet any
عرض الإجابة
اجابة صحيحة: ADE
السؤال #34
Examine the exhibit, which contains a virtual IP and firewall policy configuration.The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?
A. 0
B. ny available IP address in the WAN (port1) subnet 10
C. 0
D. 0
عرض الإجابة
اجابة صحيحة: C
السؤال #35
An administrator needs to strengthen the security for SSL VPN access. Which of the following statements are best practices to do so? (Choose three.)
A. he web filtering database is downloaded locally on FortiGate
B. ntivirus signatures are downloaded locally on FortiGate
C. ortiGate downloads IPS updates using UDP port 53 or 8888
D. ortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates
عرض الإجابة
اجابة صحيحة: CDE
السؤال #36
Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)
A. ortiGate automatically negotiates different local and remote addresses with the remote peer
B. ortiGate automatically negotiates a new security association after the existing security association expires
C. ortiGate automatically negotiates different encryption and authentication algorithms with the remote peer
D. ortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel
عرض الإجابة
اجابة صحيحة: CD
السؤال #37
Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
A. To generate logs
B. To finish any inspection operations
C. To remove the NAT operation
D. To allow for out-of-order packets that could arrive after the FIN/ACK packets
عرض الإجابة
اجابة صحيحة: D
السؤال #38
Which statement about firewall policy NAT is true?
A. NAT is not supported
B. NAT can automatically apply to multiple firewall policies, based on DNAT rules
C. ou must configure SNAT for each firewall policy
D. NAT can automatically apply to multiple firewall policies, based on SNAT rules
عرض الإجابة
اجابة صحيحة: C
السؤال #39
An administrator has configured central DNAT and virtual IPs. Which of the following can be selected in the firewall policy Destination field?
A. VIP group
B. he mapped IP address object of the VIP object
C. VIP object
D. n IP pool
عرض الإجابة
اجابة صحيحة: C
السؤال #40
Refer to the exhibit.A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
A. tatic IP Address
B. ialup User
C. ynamic DNS
D. re-shared Key
عرض الإجابة
اجابة صحيحة: D
السؤال #41
Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)
A. hange password
B. nable restrict access to trusted hosts
C. hange Administrator profile
D. nable two-factor authentication
عرض الإجابة
اجابة صحيحة: A
السؤال #42
Refer to the following exhibit.Why is FortiGate not blocking the test file over FTP download?
A. olicy with ID 1
B. olicies with ID 2 and 3
C. olicy with ID 5
D. olicy with ID 4
عرض الإجابة
اجابة صحيحة: D
السؤال #43
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
A. olicy lookup will be disabled
B. y Sequence view will be disabled
C. earch option will be disabled
D. nterface Pair view will be disabled
عرض الإجابة
اجابة صحيحة: D
السؤال #44
Examine this output from a debug flow:Why did the FortiGate drop the packet?
A. he web site www
B. he user has not authenticated with the FortiGate yet
C. he web server IP address 204
D. he rating for the web site www
عرض الإجابة
اجابة صحيحة: D
السؤال #45
Which file names will match the *.tiff file name pattern configured in a DLP filter? (Choose two.)
A. isabling split tunneling
B. onfiguring web bookmarks
C. ssigning public IP addresses to SSL VPN clients
D. sing web-only mode
عرض الإجابة
اجابة صحيحة: BC
السؤال #46
Which two statements are correct about SLA targets? (Choose two.)
A. he session is in SYN_SENT state
B. he session is in FIN_WAIT state
C. he session is in ESTABLISHED state
D. he session is in FIN_ACK state
عرض الإجابة
اجابة صحيحة: BD
السؤال #47
If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?
A. he Services field prevents SNAT and DNAT from being combined in the same policy
B. he Services field is used when you need to bundle several VIPs into VIP groups
C. he Services field removes the requirement to create multiple VIPs for different services
D. he Services field prevents multiple sources of traffic from using multiple services to connect to a single computer
عرض الإجابة
اجابة صحيحة: C
السؤال #48
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
A. he flow-based Inspection is used, which resets the last packet to the user
B. he volume of traffic being inspected is too high for this model of FortiGate
C. he firewall policy performs the full content inspection on the file
D. he intrusion prevention security profile needs to be enabled when using flow-based inspection mode
عرض الإجابة
اجابة صحيحة: BD
السؤال #49
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
A. y default, FortiGate uses WINS servers to resolve names
B. y default, the SSL VPN portal requires the installation of a client’s certificate
C. y default, split tunneling is enabled
D. y default, the admin GUI and SSL VPN portal use the same HTTPS port
عرض الإجابة
اجابة صحيحة: A
السؤال #50
Which statements about DNS filter profiles are true? (Choose two.)
A. oth interfaces must belong to the same forward domain
B. he role of the VLAN10 interface must be set to server
C. oth interfaces must have the same VLAN ID
D. oth interfaces must be in different VDOMs
عرض الإجابة
اجابة صحيحة: BC
السؤال #51
Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?
A. t always authorizes the traffic without requiring authentication
B. t drops the traffic
C. t authenticates the traffic using the authentication scheme SCHEME2
D. t authenticates the traffic using the authentication scheme SCHEME1
عرض الإجابة
اجابة صحيحة: D
السؤال #52
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
A. olicy lookup will be disabled
B. y Sequence view will be disabled
C. earch option will be disabled
D. nterface Pair view will be disabled
عرض الإجابة
اجابة صحيحة: A
السؤال #53
Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?
A. Main mode does not support XAuth for user authentication
B. In aggressive mode, the remote peers are able to provide their peer IDs in the first message
C. FortiGate is able to handle NATed connections only in aggressive mode
D. FortiClient supports only aggressive mode
عرض الإجابة
اجابة صحيحة: B
السؤال #54
Which statement regarding the firewall policy authentication timeout is true?
A. t is an idle timeout
B. t is a hard timeout
C. t is an idle timeout
D. t is a hard timeout
عرض الإجابة
اجابة صحيحة: A
السؤال #55
An administrator does not want to report the logon events of service accounts to FortiGate.What setting on the collector agent is required to achieve this?
A. Add the support of NTLM authentication
B. Add user accounts to the FortiGate group filter
C. Add user accounts to Active Directory (AD)
D. Add user accounts to the Ignore User List
عرض الإجابة
اجابة صحيحة: D
السؤال #56
Refer to the exhibit to view the application control profile.Based on the configuration, what will happen to Apple FaceTime?
A. pple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration
B. pple FaceTime will be allowed, based on the Apple filter configuration
C. pple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn
D. pple FaceTime will be allowed, based on the Categories configuration
عرض الإجابة
اجابة صحيحة: A
السؤال #57
An administrator is running the following sniffer command:diagnose sniffer packet any "host 10.0.2.10" 3What information will be included in the sniffer output? (Choose three.)
A. IP header
B. Ethernet header
C. Packet payload
D. Application header
E. Interface name
عرض الإجابة
اجابة صحيحة: ABC
السؤال #58
An administrator has configured a strict RPF check on FortiGate.Which statement is true about the strict RPF check?
A. raffic matching the signature will be silently dropped and logged
B. he signature setting uses a custom rating threshold
C. he signature setting includes a group of other signatures
D. raffic matching the signature will be allowed and logged
عرض الإجابة
اجابة صحيحة: B
السؤال #59
An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.Which FortiGate configuration can achieve this goal?
A. SSL VPN bookmark
B. SSL VPN tunnel
C. Zero trust network access
D. SSL VPN quick connection
عرض الإجابة
اجابة صحيحة: B
السؤال #60
Examine the exhibit, which shows the partial output of an IKE real-time debug.Which of the following statement about the output is true?
A. he VPN is configured to use pre-shared key authentication
B. xtended authentication (XAuth) was successful
C. emote is the host name of the remote IPsec peer
D. hase 1 went down
عرض الإجابة
اجابة صحيحة: A
السؤال #61
An administrator wants to configure timeouts for users. Regardless of the user’s behavior, the timer should start as soon as the user authenticates and expire after the configured value.Which timeout option should be configured on FortiGate?
A. oft-timeout
B. ew-session
C. dle-timeout
D. ard-timeout
E. uth-on-demand
عرض الإجابة
اجابة صحيحة: D
السؤال #62
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
A. nter-VDOM links are required to allow traffic between the Local and Root VDOMs
B. static route is required on the To_Internet VDOM to allow LAN users to access the internet
C. nter-VDOM links are required to allow traffic between the Local and DMZ VDOMs
D. nter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM
عرض الإجابة
اجابة صحيحة: AD
السؤال #63
Refer to the exhibit.
A. The HTTPS signatures have not been added to the sensor
B. The IPS filter is missing the Protocol:HTTPS option
C. The firewall policy is not using a full SSL inspection profile
D. A DoS policy should be used, instead of an IPS sensor
عرض الإجابة
اجابة صحيحة: C
السؤال #64
An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?
A. cp_port_scan
B. p_dst_session
C. dp_flood
D. p_src_session
عرض الإجابة
اجابة صحيحة: A
السؤال #65
View the exhibit.Which of the following statements are correct? (Choose two.)
A. onfigure Source IP Pools
B. onfigure split tunneling in tunnel mode
C. onfigure different SSL VPN realms
D. onfigure host check
عرض الإجابة
اجابة صحيحة: CD
السؤال #66
Refer to the exhibit, which contains a static route configuration.An administrator created a static route for Amazon Web Services.Which CLI command must the administrator use to view the route?
A. get router info routing-table database
B. diagnose firewall route list
C. get internet-service route list
D. get router info routing-table all
عرض الإجابة
اجابة صحيحة: B
السؤال #67
View the exhibit.What behavior results from this full (deep) SSL configuration? (Choose two.)
A. he user was authenticated using passive authentication
B. o matching user account exists for this user
C. he user is using a super admin account
D. he user is using a guest account profile
عرض الإجابة
اجابة صحيحة: AB
السؤال #68
Examine the partial output from the diagnose sys session list CLI command.What does this output state?
A. roto_state=05 is the TCP state
B. roto_state=05 is the U DP state
C. roto_state=05 is the ICMP state
D. imeout=3600 reflects the maximum length of time a session can be opened
عرض الإجابة
اجابة صحيحة: A
السؤال #69
View the exhibit.Which statement is true regarding Restrict Access in the SSL-VPN Settings?
A. SL VPN users will have access to only the REMOTE_ETH 1 subnet
B. nly users within the REMOTE_ETH1 subnet range will have access to the SSL VPN web portal login page
C. ortiGate will assign an IP address to the SSL VPN network adaptor from the REMOTE_ETH1 subnet
D. t enables client integrity check for the SSL VPN users in the REMOTE_ETH1 subnet
عرض الإجابة
اجابة صحيحة: B
السؤال #70
How can you format the FortiGate flash disk?
A. oad the hardware test (HQIP)
B. xecute the CLI command execute formatlogdisk
C. oad a debug FortiOS
D. elect the format boot device option from the BIOS menu
عرض الإجابة
اجابة صحيحة: D
السؤال #71
Examine the exhibit, which contains a session diagnostic output.
A. The session is in ESTABLISHED state
B. The session is in LISTEN state
C. The session is in TIME_WAIT state
D. The session is in CLOSE_WAIT state
عرض الإجابة
اجابة صحيحة: A
السؤال #72
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
A. FortiGuard update servers
B. System time
C. Operating mode
D. NGFW mode
عرض الإجابة
اجابة صحيحة: BD
السؤال #73
An administrator observes that the port1 inteface cannot be configured with an IP address.What are three possible reasons for this? (Choose three.)
A. The operation mode is transparent
B. The interface is a member of a virtual wire pair
C. The interface is a member of a zone
D. The interface has been configured for one-arm sniffer
E. Captive portal is enabled in the interface
عرض الإجابة
اجابة صحيحة: ABD
السؤال #74
A FortiGate device has multiple VDOMs. Which statement about an administrator account configured with the default prof_admin profile is true?
A. t can create administrator accounts with access to the same VDOM
B. t cannot have access to more than one VDOM
C. t can reset the password for the admin account
D. t can upgrade the firmware on the FortiGate device
عرض الإجابة
اجابة صحيحة: A
السؤال #75
Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?
A. n aggressive mode, the remote peers are able to provide their peer IDs in the first message
B. ortiGate is able to handle NATed connections only in aggressive mode
C. ortiClient only supports aggressive mode
D. ain mode does not support XAuth for user authentication
عرض الإجابة
اجابة صحيحة: A
السؤال #76
Refer to the exhibit.
A. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default
B. Broadcast traffic received on port1-VLAN10 will not be forwarded to port2-VLAN10
C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs
D. port1-VLAN1 is the native VLAN for the port1 physical interface
عرض الإجابة
اجابة صحيحة: BC
السؤال #77
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
A. t must be configured in a static route using the sdwan virtual interface
B. t must be provided in the SD-WAN member interface configuration
C. t must be configured in a policy-route using the sdwan virtual interface
D. t must be learned automatically through a dynamic routing protocol
عرض الإجابة
اجابة صحيحة: C
السؤال #78
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
A. he session is in SYN_SENT state
B. he session is in FIN_ACK state
C. he session is in FTN_WAIT state
D. he session is in ESTABLISHED state
عرض الإجابة
اجابة صحيحة: CD
السؤال #79
Which two statements ate true about the Security Fabric rating? (Choose two.)
A. onfigure Source IP Pools
B. onfigure split tunneling in tunnel mode
C. onfigure different SSL VPN realms
D. onfigure host check
عرض الإجابة
اجابة صحيحة: BC
السؤال #80
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
A. ort2
B. ort4
C. ort3
D. ort1
عرض الإجابة
اجابة صحيحة: BC
السؤال #81
An administrator wants to configure timeouts for users. Regardless of the userTMs behavior, the timer should start as soon as the user authenticates and expire after the configured value. Which timeout option should be configured on FortiGate?
A. o allow for out-of-order packets that could arrive after the FIN/ACK packets
B. o finish any inspection operations
C. o remove the NAT operation
D. o generate logs
عرض الإجابة
اجابة صحيحة: E
السؤال #82
In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?
A. lient > primary FortiGate> secondary FortiGate> primary FortiGate> web server
B. lient > secondary FortiGate> web server
C. lient >secondary FortiGate> primary FortiGate> web server
D. lient> primary FortiGate> secondary FortiGate> web server
عرض الإجابة
اجابة صحيحة: D
السؤال #83
An employee needs to connect to the office through a high-latency internet connection.Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?
A. dle-timeout
B. ogin-timeout
C. dp-idle-timer
D. ession-ttl
عرض الإجابة
اجابة صحيحة: B
السؤال #84
Examine the exhibit, which contains a virtual IP and a firewall policy configuration.The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24. The top firewall policy has NAT enabled using outgoing interface address. The second firewall policy configured with a virtual IP (VIP) as the destination address.Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?
A. 0
B. 0
C. ny available IP address in the WAN(port1) subnet 10
D. 0
عرض الإجابة
اجابة صحيحة: D
السؤال #85
Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?
A. iagnose wad session list
B. iagnose wad session list | grep hook-pre&&hook-out
C. iagnose wad session list | grep hook=pre&&hook=out
D. iagnose wad session list | grep "hook=pre"&"hook=out"
عرض الإجابة
اجابة صحيحة: A
السؤال #86
Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)
A. t notifies the administrator by sending an email
B. t provides a DLP block replacement page with a link to download the file
C. t blocks all future traffic for that IP address for a configured interval
D. t archives the data for that IP address
عرض الإجابة
اجابة صحيحة: AC
السؤال #87
If antivirus, grayware, and heuristic scans are enabled on FortiGate, in which order does FortiGate apply the scanning?
A. onfiguring the HA override will reboot the FortiGate device
B. t synchronizes device priority on all cluster members
C. t is used to enable monitored ports
D. ou must configure override settings manually and separately for each cluster member
عرض الإجابة
اجابة صحيحة: B
السؤال #88
Refer to the exhibits.The exhibits contain a network diagram, central SNAT policy, and IP pool configuration.Exhibit
A. xhibit B
A. 10
B. 10
C. 10
D. 10
عرض الإجابة
اجابة صحيحة: A
السؤال #89
Refer to the exhibit.The exhibit contains a network diagram, central SNAT policy, and IP pool configuration. The WAN (port1) interface has the IP address 10.200. 1. 1/24. The LAN (port3) interface has the IP address 10.0. 1.254/24. A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1). Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied. Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0. 1. 10
A. 0
B. 0
C. 0
D. 0
عرض الإجابة
اجابة صحيحة: D
السؤال #90
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
A. he next-hop IP address is unreachable
B. t failed the RPF check
C. t matched an explicitly configured firewall policy with the action DENY
D. t matched the default implicit firewall policy
عرض الإجابة
اجابة صحيحة: D
السؤال #91
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.Which statements about the VLAN sub interfaces can have the same VLAND ID, only if they have IP addresses in different subnets?
A. he two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets
B. he two VLAN sub interfaces must have different VLAN IDs
C. he two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs
D. he two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet
عرض الإجابة
اجابة صحيحة: B
السؤال #92
View the exhibit.Based on this output, which statements are correct? (Choose two.)
A. s the source in a firewall policy
B. s the source in a proxy policy
C. s the destination in a firewall policy
D. s the destination in a proxy policy
عرض الإجابة
اجابة صحيحة: BC
السؤال #93
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
A. t can archive files and messages
B. t can be applied to a firewall policy in a flow-based VDOM
C. raffic shaping can be applied to DLP sensors
D. iles can be sent to FortiSandbox for detecting DLP threats
عرض الإجابة
اجابة صحيحة: ACE
السؤال #94
An administrator has configured the following settings:What are the two results of this configuration? (Choose two.)
A. roxy Policy
B. uthentication Rule
C. irewall Policy
D. uthentication scheme
عرض الإجابة
اجابة صحيحة: CD
السؤال #95
Which two statements describe how the RPF check is used? (Choose two.)
A. The RPF check is a mechanism that protects FortiGate and the network from IP spoofing attacks
B. The RPF check is run on the first sent and reply packet of any new session
C. The RPF check is run on the first sent packet of any new session
D. The RPF check is run on the first reply packet of any new session
عرض الإجابة
اجابة صحيحة: AC
السؤال #96
Examine this output from a debug flow:Why did the FortiGate drop the packet?
A. he next-hop IP address is unreachable
B. t failed the RPF check
C. t matched an explicitly configured firewall policy with the action DENY
D. t matched the default implicit firewall policy
عرض الإجابة
اجابة صحيحة: D
السؤال #97
What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)
A. ortiGate regenerates the algorithm based on the login credentials and compares it to the algorithm stored on the LDAP server
B. ortiGate sends the user-entered credentials to the LDAP server for authentication
C. ortiGate queries the LDAP server for credentials
D. ortiGate queries its own database for credentials
عرض الإجابة
اجابة صحيحة: BC
السؤال #98
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
A. By default, all interfaces are part of the same broadcast domain
B. FortiGate forwards frames without changing the MAC address
C. Static routes are required to allow traffic to the next hop
D. The existing network IP schema must be changed when installing a transparent mode FortiGate in the network
عرض الإجابة
اجابة صحيحة: AB
السؤال #99
Which of the following statements are true when using Web Proxy Auto-discovery Protocol (WPAD) with the DHCP discovery method?(Choose two.)
A. he dead entry timeout interval is used to age out entries with an unverified status
B. he workstation verify interval is used to periodically check if a workstation is still a domain member
C. he user group cache expiry is used to age out the monitored groups
D. he IP address change verify interval monitors the server IP address where the collector agent is installed, and updates the collector agent configuration if it changes
عرض الإجابة
اجابة صحيحة: AD
السؤال #100
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.Which DPD mode on FortiGate will meet the above requirement?
A. n Demand
B. isabled
C. n Idle
D. nabled
عرض الإجابة
اجابة صحيحة: C
السؤال #101
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
A. ortiManager
B. oot FortiGate
C. ortiAnalyzer
D. ownstream FortiGate
عرض الإجابة
اجابة صحيحة: AC
السؤال #102
Refer to the exhibits.Exhibit
A. xhibit B
A. port2
B. port3
C. port4
D. port1
عرض الإجابة
اجابة صحيحة: C
السؤال #103
Refer to the exhibit, which contains a static route configuration.An administrator created a static route for Amazon Web Services.Which CLI command must the administrator use to view the route?
A. et router info routing-table database
B. iagnose firewall proute list
C. et internet-service route list
D. et router info routing-table all
عرض الإجابة
اجابة صحيحة: B
السؤال #104
Examine the exhibit.A client workstation is connected to FortiGate port2. The Fortigate port1 is connected to an ISP router. Port2 and port3 are both configured as a software switch.What IP address must be configured in the workstation as the default gateway? Response:
A. he port2's IP address
B. he router's IP address
C. he FortiGate's management IP address
D. he software switch interface's IP address
عرض الإجابة
اجابة صحيحة: D
السؤال #105
How does FortiGate select the central SNAT policy that is applied to a TCP session? Response:
A. t selects the SNAT policy specified in the configuration of the outgoing interface
B. t selects the first matching central-SNAT policy from top to bottom
C. t selects the central-SNAT policy with the lowest priority
D. t selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic
عرض الإجابة
اجابة صحيحة: B
السؤال #106
Refer to the exhibit.An administrator is running a sniffer command as shown in the exhibit.Which three pieces of information are included in the sniffer output? (Choose three.)
A. Interface name
B. Ethernet header
C. IP header
D. Application header
E. Packet payload
عرض الإجابة
اجابة صحيحة: BCE
السؤال #107
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
A. t limits the scope of application control to the browser-based technology category only
B. t limits the scope of application control to scan application traffic based on application category only
C. t limits the scope of application control to scan application traffic using parent signatures only
D. t limits the scope of application control to scan application traffic on DNS protocol only
عرض الإجابة
اجابة صحيحة: D
السؤال #108
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
A. he collector agent uses a Windows API to query DCs for user logins
B. etAPI polling can increase bandwidth usage in large networks
C. he collector agent must search security event logs
D. he NetSession Enum function is used to track user logouts
عرض الإجابة
اجابة صحيحة: D
السؤال #109
Examine this output from a debug flow:Why did the FortiGate drop the packet?
A. he next-hop IP address is unreachable
B. t failed the RPF check
C. t matched an explicitly configured firewall policy with the action DENY
D. t matched the default implicit firewall policy
عرض الإجابة
اجابة صحيحة: D
السؤال #110
What information is flushed when the chunk-size value is changed in the config dlp settings? Response:
A. he database for DLP document fingerprinting
B. he supported file types in the DLP filters
C. he archived files and messages
D. he file name patterns in the DLP filters
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.