Question #1
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service. Which type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
A. Pre-shared key
B. Dialup user
C. Dynamic DNS
D. Static IP address
Correct answer: B
Question #2
Refer to exhibit. An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page. Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?
A. On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking
B. On the Static URL Filter configuration, set Type to Simple
C. On the Static URL Filter configuration, set Action to Exempt
D. On the Static URL Filter configuration, set Action to Monitor
Correct answer: C
Question #3
Which two statements about FortiGate antivirus databases are true? (Choose two.)
A. The quick scan database is part of the normal database
B. The extreme database is available only on certain FortiGate models
C. The extended database is available on all FortiGate models
D. The extended database is available only if AI scanning is enabled
Correct answer: ABC
Question #4
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover. Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)
A. Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel
B. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel
C. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels
D. Enable Dead Peer Detection
Correct answer: ABD
Question #5
Which NAT method translates the source IP address in a packet to another IP address?
A. DNAT
B. SNAT
C. VIP
D. IPPOOL
Correct answer: B
Question #6
What are three key routing principles in SD-WAN? (Choose three.)
A. By default
B. By default
C. By default
D. SD-WAN rules have precedence over any other type of routes
E. Regular policy routes have precedence over SD-WAN rules
Correct answer: ACD
Question #7
Which statement is correct regarding the use of application control for inspecting web applications?
A. Application control can identify child and parent applications, and perform different actions on them
B. Application control signatures are organized in a nonhierarchical structure
C. Application control does not require SSL inspection to identify web applications
D. Application control does not display a replacement message for a blocked web application
Correct answer: A
Question #8
Which two statements are true about the routing entries in this database table? (Choose two.)
A. All traffic from a source IP to a destination IP is sent to the same interface
B. Traffic is sent to the link with the lowest latency
C. Traffic is distributed based on the number of sessions through each interface
D. All traffic from a source IP is sent to the same interface
Correct answer: CD
Question #9
Which additional load balancing method is supported in equal cost multipath (ECMP) load balancing when SD-WAN is enabled?
A. Volume based
B. Source-destination IP based
C. Source IP based
D. Weight based
Correct answer: A
Question #10
Which are two benefits of using SD-WAN? (Choose two.)
A. FortiGate performs per-packet distribution across multiple SD-WAN members
B. WAN is used effectively
C. Application steering is available
D. Firewall policies are not required
Correct answer: ABC
Question #11
An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic. Which DPD mode on FortiGate meets this requirement?
A. Enabled
B. On Idle
C. Disabled
D. On Demand
Correct answer: B
Question #12
Refer to exhibit. An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page. Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?
A. On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking
B. On the Static URL Filter configuration, set Type to Simple
C. On the Static URL Filter configuration, set Action to Exempt
D. On the Static URL Filter configuration, set Action to Monitor
Correct answer: C
Question #13
Refer to the exhibits. The exhibits show the firewall policies and the objects used in the firewall policies. The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit. Which policy will be highlighted, based on the input criteria?
A. Policy with ID 4
B. Policy with ID 5
C. Policies with ID 2 and 3
D. Policy with ID 1
Correct answer: B
Question #14
Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)
A. If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based
B. If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP
C. If SD-WAN is disabled, you configure the load balancing algorithm in config system settings
D. If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode
Correct answer: AD
Question #15
Refer to the exhibits, which show the system performance output and the default configuration of high memory usage thresholds in a FortiGate. Based on the system performance output, what can be the two possible outcomes? (Choose two.)
A. FortiGate will start sending all files to FortiSandbox for inspection
B. FortiGate has entered conserve mode
C. Administrators cannot change the configuration
D. Administrators can access FortiGate only through the console port
Correct answer: BC
Question #16
What is the common feature shared between IPv4 and SD-WAN ECMP algorithms?
A. Both can be enabled at the same time
B. Both support volume algorithms
C. Both control ECMP algorithms
D. Both use the same physical interface load balancing settings
Correct answer: C
Question #17
Refer to the exhibit. As an administrator, you have created an IPS profile, but it is not performing as expected. While testing, you got the output shown in the exhibit. What could be the possible reason for the diagnose output shown in the exhibit?
A. There is no firewall policy configured with an IPS security profile
B. FortiGate entered into IPS fail open state
C. Administrator entered the command diagnose test application ipsmonitor 5
D. Administrator entered the command diagnose test application ipsmonitor 99
Correct answer: A
Question #18
Refer to the exhibit. Which two statements are true about the routing entries in this database table? (Choose two.)
A. All of the entries in the routing database table are installed in the FortiGate routing table
B. The port2 interface is marked as inactive
C. Both default routes have different administrative distances
D. The default route on port2 is marked as the standby route
Correct answer: CD
Question #19
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
A. FortiGuard update servers
B. System time
C. Operating mode
D. NGFW mode
Correct answer: ACD
Question #20
Which statement best describes the role of a DC agent in an FSSO DC agent mode solution?
A. It captures the login and logoff events and forwards them to the collector agent
B. It captures the login events and forwards them to the collector agent
C. It captures the login events and forwards them to FortiGate
D. It captures the user IP address and workstation name and forwards them to FortiGate
Correct answer: B
Question #21
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)
A. The keyUsage extension must be set to keyCertSign
B. The CA extension must be set to TRU
C. The issuer must be a public C
D. The common name on the subject field must use a wildcard name
Correct answer: AB
Question #22
Refer to the exhibits. An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW). What must the administrator do to synchronize the address object?
A. Change the csf setting on ISFW (downstream) to set configuration-sync local
B. Change the csf setting on ISFW (downstream) to set authorization-request-type certificate
C. Change the csf setting on both devices to set downstream-access enable
D. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default
Correct answer: C
Question #23
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)
A. The keyUsage extension must be set to keyCertSign
B. The CA extension must be set to TRU
C. The issuer must be a public C
D. The common name on the subject field must use a wildcard name
Correct answer: AB
Question #24
Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
A. The IPS engine was inspecting high volume of traffic
B. The IPS engine was unable to prevent an intrusion attack
C. The IPS engine was blocking all traffic
D. The IPS engine will continue to run in a normal state
Correct answer: A
Question #25
An administrator wants to monitor their network for any probing attempts aimed to exploit existing vulnerabilities in their servers. Which two items must they configure on their FortiGate to accomplish this? (Choose two.)
A. A web application firewall profile to check protocol constraints
B. A DoS policy, and log all UDP and TCP scan attempts
C. An IPS sensor to monitor all signatures applicable to the server
D. An application control profile, and set all application signatures to monitor
Correct answer: ABC
Question #26
An administrator configured the antivirus profile in a firewall policy set to flow-based inspection mode. While testing the configuration, the administrator noticed that eicar.com test files can be downloaded using HTTPS protocol only. What is causing this issue?
A. Hardware acceleration is in use
B. The test file is larger than the oversize limit
C. HTTPS protocol is not enabled under Inspected Protocols
D. Full SSL inspection is disabled
Correct answer: D
Question #27
Which two configuration settings are global settings? (Choose two.)
A. User & Device settings
B. Firewall policies
C. HA settings
D. FortiGuard settings
Correct answer: ACD
Question #28
Refer to the exhibit. The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router. When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time, the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output. Based on the information shown in the e
A. Configure a loopback interface with address 203
B. In the VIP configuration, enable arp-reply
C. Enable port forwarding on the server to map the external service port to the internal service port
D. In the firewall policy configuration, enable match-vip
Correct answer: B
Question #29
Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
A. On HQ-FortiGate, enable Diffie-Hellman Group 2
B. On HQ-FortiGate, enable Auto-negotiate
C. On Remote-FortiGate, set Seconds to 43200
D. On HQ-FortiGate, set Encryption to AES256
Correct answer: D
Question #30
A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors. What is the reason for the certificate warning errors?
A. The option invalid SSL certificates is set to allow on the SSL/SSH inspection profile
B. The browser does not trust the certificate used by FortiGate for SSL inspection
C. The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions
D. The matching firewall policy is set to proxy inspection mode
Correct answer: B