- (Exam Topic 1) Which statement about the policy ID number of a firewall policy is true?

- (Exam Topic 2) The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses. How does FortiGate process the traffic sent to http://www.fortinet.com?

- (Exam Topic 2) Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

- (Exam Topic 1) Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

- (Exam Topic 2) Which contains a Performance SLA configuration. An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

- (Exam Topic 1) A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded. What is the reason for the failed virus detection by FortiGate?

- (Exam Topic 2) Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

- (Exam Topic 2) Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

- (Exam Topic 2) A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors. What is the reason for the certificate warning errors?

- (Exam Topic 2) What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

- (Exam Topic 1) How does FortiGate act when using SSL VPN in web mode?

- (Exam Topic 1) Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

- (Exam Topic 1) The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode. The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem. With this configuration, which statement is true?

- (Exam Topic 2) FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)