Which statement about firewall policy NAT is true?

A new administrator is configuring FSSO authentication on FortiGate using DC Agent Mode. Which step is NOT part of the expected process?

What must you configure to enable proxy-based TCP session failover?

You have created a web filter profile named restrict_media - profile with a daily category usage quota. When you are adding the profile to the firewall policy, the restrict_media - profile is not listed in the available web profile drop down. What could be the reason?

Refer to the exhibit. Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP .Login.Failed signature to the IPS sensor profile?

Which statement correctly describes the use of reliable logging on FortiGate?

Which two settings must you configure when FortiGate is being deployed as a root FortiGate in a Security Fabric topology? (Choose two.)

Which two statements about incoming and outgoing interfaces in firewall policies are true? (Choose two.)

Refer to the exhibits. The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook. Users are given access to the Facebook web application. They can play video content hosted on Facebook, but they are unable to leave reactions on videos or other types of posts. Which part of the policy configuration must you change to resolve the issue?

A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service. Which type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two results are correct? (Choose two.)

Which timeout setting can be responsible for deleting SSL VPN associated sessions?

Refer to the exhibits. An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW). What must the administrator do to synchronize the address object?

Refer to the exhibits. The exhibits contain a network diagram, and virtual IP, IP pool, and firewall policies configuration information. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24. The first firewall policy has NAT enabled using IP pool. The second firewall policy is configured with a VIP as the destination address. Which IP address will be used to source NAT (SNAT) the internet traffic coming from a workstation with the IP address