لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
An administrator needs to configure VPN user access for multiple sites using the same softFortiToken. Each site has a FortiGate VPN gateway.What must an administrator do to achieve this objective?
A. The administrator can register the same FortiToken on more than one FortiGate
B. The administrator must use a FortiAuthenticator device
C. The administrator can use a third-party radius OTP server
D. The administrator must use the user self-registration server
عرض الإجابة
اجابة صحيحة: B
السؤال #2
An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.Which FortiGate configuration can achieve this goal?
A. SSL VPN bookmark
B. SSL VPN tunnel
C. Zero trust network access
D. SSL VPN quick connection
عرض الإجابة
اجابة صحيحة: B
السؤال #3
Which three statements explain a flow-based antivirus profile? (Choose three.)
A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection
B. If a virus is detected, the last packet is delivered to the client
C. The IPS engine handles the process as a standalone
D. FortiGate buffers the whole file but transmits to the client at the same time
E. Flow-based inspection optimizes performance compared to proxy-based inspection
عرض الإجابة
اجابة صحيحة: ADE
السؤال #4
An administrator needs to increase network bandwidth and provide redundancy.What interface type must the administrator select to bind multiple FortiGate interfaces?
A. VLAN interface
B. Software Switch interface
C. Aggregate interface
D. Redundant interface
عرض الإجابة
اجابة صحيحة: C
السؤال #5
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
A. It limits the scanning of application traffic to the DNS protocol only
B. It limits the scanning of application traffic to use parent signatures only
C. It limits the scanning of application traffic to the browser-based technology category only
D. It limits the scanning of application traffic to the application category only
عرض الإجابة
اجابة صحيحة: D
السؤال #6
An administrator needs to increase network bandwidth and provide redundancy.Which interface type must the administrator select to bind multiple FortiGate interfaces?
A. Redundant interface
B. Software switch interface
C. VLAN interface
D. Aggregate interface
عرض الإجابة
اجابة صحيحة: D
السؤال #7
Refer to the exhibit.A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. Theadministrator has determined that phase 1 fails to come up. The administrator has also re-enteredthe pre-shared key on both FortiGate devices to make sure they match.Based on the phase 1 configuration and the diagram shown in the exhibit, which two configurationchanges will bring phase 1 up? (Choose two.)
A. On HQ-FortiGate, set IKE mode to Main (ID protection)
B. On both FortiGate devices, set Dead Peer Detection to On Demand
C. On HQ-FortiGate, disable Diffie-Helman group 2
D. On Remote-FortiGate, set port2 as Interface
عرض الإجابة
اجابة صحيحة: AD
السؤال #8
Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)
A. Source IP
B. Spillover
C. Volume
D. Session
عرض الإجابة
اجابة صحيحة: BD
السؤال #9
A network administrator has enabled full SSL inspection and web filtering on FortiGate. Whenvisiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTPwebsites, the browser does not report errors.What is the reason for the certificate warning errors?
A. The browser requires a software update
B. FortiGate does not support full SSL inspection when web filtering is enabled
C. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser
D. There are network connectivity issues
عرض الإجابة
اجابة صحيحة: C
السؤال #10
Refer to the exhibits.Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.The WAN (port1) interface has the IP address 10.200.1.1/24.The LAN (port3) interface has the IP address 10.0.1.254/24.If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?
A. 10
B. 10
C. 10
عرض الإجابة
اجابة صحيحة: C
السؤال #11
Refer to the exhibit. In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit. What should the administrator do next to troubleshoot the problem? This solution will help the administrator troubleshoot the problem by tracing the packet flow through the FortiGate device and displaying the details of each step.A debug flow can show the source and destination interfaces, the fire
A. un a sniffer on the web server
B. apture the traffic using an external sniffer connected to port1
C. xecute another sniffer in the FortiGate, this time with the filter host 10
D. xecute a debug flow
عرض الإجابة
اجابة صحيحة: D
السؤال #12
Which two statements are true about the RPF check? (Choose two.)
A. The RPF check is run on the first sent packet of any new session
B. The RPF check is run on the first reply packet of any new session
C. The RPF check is run on the first sent and reply packet of any new session
D. RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks
عرض الإجابة
اجابة صحيحة: AD
السؤال #13
Which three statements are true regarding session-based authentication? (Choose three.)
A. HTTP sessions are treated as a single user
B. IP sessions from the same source IP address are treated as a single user
C. It can differentiate among multiple clients behind the same source IP address
D. It requires more resources
E. It is not recommended if multiple users are behind the source NAT
عرض الإجابة
اجابة صحيحة: ACD
السؤال #14
Refer to the exhibit.The exhibit contains a network interface configuration, firewall policies, and a CLI consoleconfiguration.How will FortiGate handle user authentication for traffic that arrives on the LAN interface?
A. If there is a full-through policy in place, users will not be prompted for authentication
B. Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials
C. Authentication is enforced at a policy level; all users will be prompted for authentication
D. Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials
عرض الإجابة
اجابة صحيحة: C
السؤال #15
An administrator has a requirement to keep an application session from timing out on port 80. Whattwo changes can the administrator make to resolve the issue without affecting any existing servicesrunning through FortiGate? (Choose two.)
A. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy
B. Create a new service object for HTTP service and set the session TTL to never
C. Set the TTL value to never under config system-ttl
D. Set the session TTL on the HTTP policy to maximum
عرض الإجابة
اجابة صحيحة: BC
السؤال #16
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither thephysical layer nor the link layer? (Choose three.)
A. diagnose sys top
B. execute ping
C. execute traceroute
D. diagnose sniffer packet any
E. get system arp
عرض الإجابة
اجابة صحيحة: BCD
السؤال #17
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
A. Heartbeat interfaces have virtual IP addresses that are manually assigned
B. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster
C. Virtual IP addresses are used to distinguish between cluster members
D. The primary device in the cluster is always assigned IP address 169
عرض الإجابة
اجابة صحيحة: C
السؤال #18
An organizations employee needs to connect to the office through a high-latency internetconnection.Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?
A. Change the session-ttl
B. Change the login timeout
C. Change the idle-timeout
D. Change the udp idle timer
عرض الإجابة
اجابة صحيحة: B
السؤال #19
Refer to the exhibits.Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.The WAN (port1) interface has the IP address 10.200.1.1/24.The LAN (port3) interface has the IP address 10.0.1.254/24.If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?
A. 10
B. 10
C. 10
D. 10
عرض الإجابة
اجابة صحيحة: C
السؤال #20
What is a reason for triggering IPS fail open?
A. he IPS socket buffer is full and the IPS engine cannot process additional packets
B. he IPS engine cannot decode a packet
C. he IPS engine is upgraded
D. he administrator enabled NTurbo acceleration
عرض الإجابة
اجابة صحيحة: A
السؤال #21
Refer to the exhibit, which contains a static route configuration.An administrator created a static route for Amazon Web Services.What CLI command must the administrator use to view the route?
A. get router info routing-table all
B. get internet service route list
C. get router info routing-table database
D. diagnose firewall proute list
عرض الإجابة
اجابة صحيحة: D
السؤال #22
Refer to the exhibit.The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.The WAN (port1) interface has the IP address 10.200.1.1/24.The LAN (port3) interface has the IP address 10.0.1.254/24.A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pingsthe
A. 10
B. 10
C. 10
D. 10
عرض الإجابة
اجابة صحيحة: D
السؤال #23
Which three criteria can FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)
A. Services defined in the firewall policy
B. Highest to lowest priority defined in the firewall policy
C. Destination defined as Internet Services in the firewall policy
D. Lowest to highest policy ID number
E. Source defined as Internet Services in the firewall policy
عرض الإجابة
اجابة صحيحة: ABE
السؤال #24
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode?(Choose two.)
A. FG-traffic
B. Mgmt
C. FG-Mgmt
D. Root
عرض الإجابة
اجابة صحيحة: AD
السؤال #25
The exhibit shows the output of a diagnose command. What does the output reveal about the policy route?
A. It is an ISDB route in policy route
B. It is a regular policy route
C. It is an ISDB policy route with an SDWAN rule
D. It is an SDWAN rule in policy route
عرض الإجابة
اجابة صحيحة: CD
السؤال #26
Refer to the exhibit to view the application control profile.Based on the configuration, what will happen to Apple FaceTime?
A. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration
B. Apple FaceTime will be allowed, based on the Apple filter configuration
C. Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn
D. Apple FaceTime will be allowed, based on the Categories configuration
عرض الإجابة
اجابة صحيحة: A
السؤال #27
Refer to exhibit. An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page. Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?
A. On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking
B. On the Static URL Filter configuration, set Type to Simple
C. On the Static URL Filter configuration, set Action to Exempt
D. On the Static URL Filter configuration, set Action to Monitor
عرض الإجابة
اجابة صحيحة: ADE
السؤال #28
Refer to the exhibit.The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.Which two actions does FortiGate take on internet traffic sourced from the subscribers? (Choose two.)
A. FortiGate allocates port blocks per user, based on the configured range of internal IP addresses
B. FortiGate allocates port blocks on a first-come, first-served basis
C. FortiGate generates a system event log for every port block allocation made per user
D. FortiGate allocates 128 port blocks per user
عرض الإجابة
اجابة صحيحة: AD
السؤال #29
Refer to the exhibit.The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router.When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time, the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output.Based on the information shown in the exhi
A. Configure a loopback interface with address 203
B. In the VIP configuration, enable arp-reply
C. Enable port forwarding on the server to map the external service port to the internal service port
D. In the firewall policy configuration, enable match-vip
عرض الإجابة
اجابة صحيحة: D
السؤال #30
Refer to the exhibit showing a FortiGuard connection debug output.Based on the output, which two facts does the administrator know about the FortiGuard connection? (Choose two.)
A. One server was contacted to retrieve the contract information
B. There is at least one server that lost packets consecutively
C. A local FortiManager is one of the servers FortiGate communicates with
D. FortiGate is using default FortiGuard communication settings
عرض الإجابة
اجابة صحيحة: AD

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.