لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
An administrator is deploying a hub and spokes network and using OSPF as dynamic protocol.Which configuration is mandatory for neighbor adjacency?
A. Set bfd enable in the router configuration
B. Set network-type point-to-multipoint in the hub interface
C. Set rfc1583-compatible enable in the router configuration
D. Set virtual-link enable in the hub interface
عرض الإجابة
اجابة صحيحة: B
السؤال #2
Refer to the exhibit, which shows a hub and spokes deployment. An administrator is deploying several spokes, including the BGP configuration for the spokes to connect to the hub. Which two commands allow the administrator to minimize the configuration? (Choose two.)
A. neighbor-group
B. route-reflector-client
C. neighbor-range
D. ibgp-enforce-multihop
عرض الإجابة
اجابة صحيحة: AC
السؤال #3
What is the initial step performed by FortiGate when handling the first packets of a session?
A. Installation of the session key in the network processor (NP)
B. Data encryption and decryption
C. Security inspections such as ACL, HPE, and IP integrity header checking
D. Offloading the packets directly to the content processor (CP)
عرض الإجابة
اجابة صحيحة: C
السؤال #4
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below. Why didn’t the tunnel come up?
A. IKE mode configuration is not enabled in the remote IPsec gateway
B. The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration
C. The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration
D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode
عرض الإجابة
اجابة صحيحة: C
السؤال #5
Which three conditions are required for two FortiGate devices to form an OSP adjacency? (Choose three.)
A. OSPF costs matchcorrect
B. OSPF peer IDs match
C. Hello and dead intervals matchcorrect
D. OSPF IP MTUs matchcorrect
E. IP addresses are in the same subnetcorrect
عرض الإجابة
اجابة صحيحة: ACDE
السؤال #6
What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?
A. av-failopencorrect
B. mem-failopen
C. utm-failopen
D. ips-failopen
عرض الإجابة
اجابة صحيحة: A
السؤال #7
A company that acquired multiple branches across different countries needs to install new FortiGate devices on each of those branches. However, the IT staff lacks sufficient knowledge to implement the initial configuration on the FortiGate devices.Which three approaches can the company take to successfully deploy advanced initial configurations on remote branches? (Choose three.)
A. Add a URL wildcard domain to the website CA certificate and use it in the SSL/SSH Inspection Profile
B. In the Protocol Port Mapping section of the SSL/SSH Inspection Profile, enter 443, 8443 to analyze both standard (443) and non-standard (8443) HTTPS ports
C. To analyze nonstandard ports in web filter profiles, use TLSv1
D. Administrators can block traffic on nonstandard ports by enabling the SNI check in the SSL/SSH
عرض الإجابة
اجابة صحيحة: ABE
السؤال #8
A FortiGate device with UTM profiles is reaching the resource limits, and the administrator expects the traffic in the enterprise network to increase. The administrator has received an additional FortiGate of the same model. Which two protocols should the administrator use to integrate the additional FortiGate device into this enterprise network? (Choose two.)
A. FGSP with external load balancers
B. FGCP in active-active mode and with switches
C. FGCP in active-passive mode and with VDOM disabled
D. VRRP with switches
عرض الإجابة
اجابة صحيحة: AB
السؤال #9
Examine the partial output from two web filter debug commands; then answer the question below: Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?
A. Finance and banking
B. General organization
C. Business
D. Information technology
عرض الإجابة
اجابة صحيحة: D
السؤال #10
An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below. Based on the output in the exhibit, what can cause this authentication problem?
A. The FortiGate has been configured with the wrong password for the LDAP administrator
B. User student is using a wrong password
C. User student is not found in the LDAP server
D. The FortiGate has been configured with the wrong authentication schema
عرض الإجابة
اجابة صحيحة: C
السؤال #11
An administrator wants to scale the IBGP sessions and optimize the routing table in an IBGP network.Which parameter should the administrator configure?
A. network-import-check
B. ibgp-enforce-multihop
C. neighbor-group
D. route-reflector-client
عرض الإجابة
اجابة صحيحة: D
السؤال #12
An administrator needs to install an IPS profile without triggering false positives that can impact applications and cause problems with the user's normal traffic flow. Which action can the administrator take to prevent false positives on IPS analysis?
A. Use the IPS profile extension to select an operating system, protocol, and application for all the network internal services and users to prevent false positives
B. Enable Scan Outgoing Connections to avoid clicking suspicious links or attachments that can deliver botnet malware and create false positives
C. Use an IPS profile with action monitor, however, the administrator must be aware that this can compromise network integrity
D. Install missing or expired SSL/TLS certificates on the client PC to prevent expected false positives
عرض الإجابة
اجابة صحيحة: C
السؤال #13
Refer to the exhibit, which shows the output of a diagnose command What can you conclude from the RTT value?
A. Its value is incremented with each packet lost
B. Its initial value is statically set to 10
C. It determines which FortiGuard server is used for license validation
D. Its value represents the time it takes to receive a response after a rating request is sent to a particular server
عرض الإجابة
اجابة صحيحة: D
السؤال #14
A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy. How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?
A. The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter
B. The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate
C. The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites
D. The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected
عرض الإجابة
اجابة صحيحة: D
السؤال #15
An administrator is checking an enterprise network and sees a suspicious packet with the MAC address e0:23:ff:fc:00:86. What two conclusions can the administrator draw? (Choose two.)
A. The suspicious packet is related to a cluster that has VDOMs enabled
B. The network includes FortiGate devices configured with the FGSP protocol
C. The suspicious packet is related to a cluster with a group-id value lower than 255
D. The suspicious packet corresponds to port 7 on a FortiGate device
عرض الإجابة
اجابة صحيحة: AD
السؤال #16
Refer to the exhibit, which contains a partial routing table. Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)
A. Source IP address 10
B. Source IP address 10
C. Source IP address 10
D. Source IP address 10
عرض الإجابة
اجابة صحيحة: ABC
السؤال #17
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, What command should the administrator execute?
A. diagnose sniffer packet any ‘udp port 500’
B. diagnose sniffer packet any ‘udp port 4500’
C. diagnose sniffer packet any ‘esp’correct
D. diagnose sniffer packet any ‘udp port 500 or udp port 4500’
عرض الإجابة
اجابة صحيحة: C
السؤال #18
A company that acquired multiple branches across different countries needs to install new FortiGate devices on each of those branches. However, the IT staff lacks sufficient knowledge to implement the initial configuration on the FortiGate devices. Which three approaches can the company take to successfully deploy advanced initial configurations on remote branches? (Choose three.)
A. Use metadata variables to dynamically assign values according to each FortiGate device
B. Use provisioning templates and install configuration settings at the device layer
C. Use the Global ADOM to deploy global object configurations to each FortiGate device
D. Apply Jinja in the FortiManager scripts for large-scale and advanced deployments
E. Add FortiGate devices on FortiManager as model devices, and use ZTP or LTP to connect to FortiGate devices
عرض الإجابة
اجابة صحيحة: ABE
السؤال #19
A company's guest internet policy, operating in proxy mode, blocks access to Artificial Intelligence Technology sites using FortiGuard. However, a guest user accessed a page in this category using port 8443. Which configuration changes are required for FortiGate to analyze HTTPS traffic on nonstandard ports like 8443 when full SSL inspection is active in the guest policy?
A. Add a URL wildcard domain to the website CA certificate and use it in the SSL/SSH Inspection Profile
B. In the Protocol Port Mapping section of the SSL/SSH Inspection Profile, enter 443, 8443 to analyze both standard (443) and non-standard (8443) HTTPS ports
C. To analyze nonstandard ports in web filter profiles, use TLSv1
D. Administrators can block traffic on nonstandard ports by enabling the SNI check in the SSL/SSH Inspection Profile
عرض الإجابة
اجابة صحيحة: B
السؤال #20
In which two states is a given session categorized as ephemeral? (Choose two.)
A. A TCP session waiting to complete the three-way handshake
B. A TCP session waiting for FIN AC
C. A UDP session with packets sent and received
D. A UDP session with only one packet received
عرض الإجابة
اجابة صحيحة: AC
السؤال #21
Refer to the exhibit, wh ch shows a command out t of an IKE real-time debug. Why did the tunnel not come up?
A. The pre-shared keys do not match
B. The remote gateway phase 1 configuration does not match the local gateway phase 1 configuration
C. The remote gateway phase 2 configuration does not match the local gateway phase 2 configuration
D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode
عرض الإجابة
اجابة صحيحة: B
السؤال #22
Examine the following routing table and BGP configuration; then answer the question below. The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?
A. Enable the redistribution of connected routers into BG
B. Enable the redistribution of static routers into BGcorrect
C. Disable the setting network-import-check
D. Enable the setting ebgp-multipath
عرض الإجابة
اجابة صحيحة: B
السؤال #23
What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)
A. Reduce the session time to live
B. Increase the TCP session timers
C. Increase the FortiGuard cache time to live
D. Reduce the maximum file size to inspect
عرض الإجابة
اجابة صحيحة: AD
السؤال #24
Refer to the exhibit, which shows an ADVPN network. The client behind Spoke-1 generates traffic to the device located behind Spoke-2. What is the first message that the hub sends to Spoke-1 to bring up the dynamic tunnel?
A. Shortcut query
B. Shortcut offer
C. Shortcut reply
D. Shortcut forward
عرض الإجابة
اجابة صحيحة: B
السؤال #25
What are two impacts on applications if adjusting the TCP Maximum Segment Size (MSS) on FortiGate? (Choose two.)
A. The MSS configuration is prone to errors since it requires a thorough understanding of the network path
B. The packet count increases adding unnecessary TCP headers when the MSS value is increased
C. The overall data throughput is decreased when there is a decrease in MSS value
D. The network efficiency improves when there is a decrease in MSS value
عرض الإجابة
اجابة صحيحة: AC
السؤال #26
An administrator received a FortiAnalyzer alert that a 1 disk filled up in a day. Upon investigation, they found thousands of unusual DNS log requests, such as JHCMQK.website.com, with no answers. They later discovered that DNS exfiltration was occurring through both UDP and TLS. How can the administrator prevent this data theft technique?
A. Create an inline-CASB to protect against DNS exfiltration
B. Configure a File Filter profile to prevent DNS exfiltration
C. Enable DNS Filter to protect against DNS exfiltration
D. Use an IPS profile and DNS exfiltration-related signatures
عرض الإجابة
اجابة صحيحة: D
السؤال #27
Refer to the exhibit, which shows the output of a diagnose command. What can you conclude from the output shown in the exhibit? (Choose two.)
A. This is a pinhole session created to allow traffic for a protocol that requires additional sessions to operate through FortiGate
B. This is an expected session created by the IPS engine
C. Traffic in the original direction (coming from the IP address 10
D. Traffic in the original direction (coming from the IP address 10
عرض الإجابة
اجابة صحيحة: AD
السؤال #28
What does the command set forward-domain in a transparent VDOM interface do?
A. It configures the interface to prioritize traffic based on the domain ID, enhancing quality of service for specified VLANs
B. It isolates traffic within a specific VLAN by assigning a broadcast domain to an interface based on the VLAN ID
C. It restricts the interface to managing traffic only from the specified VLAN, effectively segregating network traffic
D. It assigns a unique domain ID to the interface, allowing it to operate across multiple VLANs within the same VDOM
عرض الإجابة
اجابة صحيحة: B
السؤال #29
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below. Based on the output, which of the following statements is correct?
A. Anti-replay is enabled
B. DPD is disabled
C. Quick mode selectors are disabled
D. Remote gateway IP is 10
عرض الإجابة
اجابة صحيحة: A
السؤال #30
Refer to the exhibit, which contains a session table entry. Which statement about FortiGate inspection of this session is true?
A. FortiGate applied proxy-based inspection
B. FortiGate applied flow-based NGFW policy-based inspection
C. FortiGate applied flow-based inspection
D. FortiGate forwarded this session without any inspection
عرض الإجابة
اجابة صحيحة: A

View The Updated Fortinet Exam Questions

SPOTO Provides 100% Real Fortinet Exam Questions for You to Pass Your Fortinet Exam!

Get Fortinet Practice Test

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.