لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
An administrator wants to block https://www.example.com/videos and allow all other URLs on the website. What are two configuration changes that the administrator can make to satisfy the requirement? (Choose two.)
A. Configure web override for the URL and select a blocked FortiGuard subcategorycorrect
B. Enable full SSL inspectioncorrect
C. Configure a video filter profile to block the URL
D. Configure a static URL filter entry for the URL and select Block as the actioncorrect
عرض الإجابة
اجابة صحيحة: ABD
السؤال #2
Which statement is correct regarding the use of application control for inspecting web applications?
A. Application control can identify child and parent applications, and perform different actions on them
B. Application control signatures are organized in a nonhierarchical structure
C. Application control does not require SSL inspection to identify web applications
D. Application control does not display a replacement message for a blocked web application
عرض الإجابة
اجابة صحيحة: A
السؤال #3
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover. Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)
A. Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel
B. Configure a lower distance on the static route for the primary tunnel, and a higher distance on thestatic route for the secondary tunnel
C. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels
D. Enable Dead Peer Detection
عرض الإجابة
اجابة صحيحة: ABD
السؤال #4
Which NAT method translates the source IP address in a packet to another IP address?
A. DNAT
B. SNATcorrect
C. VIP
D. IPPOOL
عرض الإجابة
اجابة صحيحة: B
السؤال #5
An administrator does not want to report the login events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
A. Add the support of NTLM authentication
B. Add user accounts to the FortiGate group filter
C. Add user accounts to Active Directory (AD)
D. Add user accounts to the Ignore User Listcorrect
عرض الإجابة
اجابة صحيحة: D
السؤال #6
Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two results are correct? (Choose two.)
A. FortiGate will start sending all files to FortiSandbox for inspection
B. FortiGate has entered conserve mode
C. Administrators cannot change the configuration
D. Administrators can access FortiGate only through the console port
عرض الإجابة
اجابة صحيحة: ABC
السؤال #7
View the exhibit. Both VDOMs are operating in NAT/route mode. The subnet 10.0.1.0/24 is connected to VDOM1. The subnet 10.0.2.0/24 is connected to VDOM2. There is an inter-VDOM link between VDOM1 and VDOM2. Also, necessary firewall policies are configured in VDOM1 and VDOM2. Which two static routes are required in the FortiGate configuration, to route traffic between both subnets through an inter-VDOM link? (Choose two.)
A. A static route in VDOM1 with the destination subnet matching the subnet assigned to the inter-VDOM linkcorrect
B. A static route in VDOM2 for the destination subnet 10
C. A static route in VDOM1 for the destination subnet 10
D. A static route in VDOM2 with the destination subnet matching the subnet assigned to the inter-VDOM link
عرض الإجابة
اجابة صحيحة: ABC
السؤال #8
Which statement correctly describes the use of reliable logging on FortiGate?
A. Reliable logging is enabled by default in all configuration scenarios
B. Reliable logging is required to encrypt the transmission of logs
C. Reliable logging can be configured only using the CL
D. Reliable logging prevents the loss of logs when the local disk is full
عرض الإجابة
اجابة صحيحة: B
السؤال #9
Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?
A. All traffic from a source IP to a destination IP is sent to the same interface
B. Traffic is sent to the link with the lowest latency
C. Traffic is distributed based on the number of sessions through each interface
D. All traffic from a source IP is sent to the same interface
عرض الإجابة
اجابة صحيحة: A
السؤال #10
Which two pieces of information are synchronized between FortiGate HA members? (Choose two.)
A. OSPF adjacencies
B. IPsec security associations
C. BGP peerings
D. DHCP leases
عرض الإجابة
اجابة صحيحة: BD
السؤال #11
An administrator has configured central DNAT and virtual IPs. Which item can be selected in the firewall policy Destination field?
A. An IP pool
B. A VIP object
C. A VIP group
D. The mapped IP address object of the VIP objectcorrect
عرض الإجابة
اجابة صحيحة: D
السؤال #12
You are analyzing connectivity problems caused by intermediate devices blocking traffic in SSL VPN environment. In which two ways can you effectively resolve the problem? (Choose two.)
A. You can turn off IKE fragmentation to fix large certificate negotiation problems
B. You should use IPsec to solve issues with fragment drops and large certificate exchanges
C. You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500)
D. You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports
عرض الإجابة
اجابة صحيحة: AC
السؤال #13
An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic. Which DPD mode on FortiGate meets this requirement?
A. Enabled
B. On Idle
C. Disabled
D. On Demand
عرض الإجابة
اجابة صحيحة: A
السؤال #14
Refer to the exhibit. The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile. An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category. What are two solutions for satisfying the requirement? (Choose two.)
A. Configure a separate firewall policy with action Deny and an FQDN address object for *
B. Set the Freeware and Software Downloads category Action to Warning
C. Configure a web override rating for download
D. Configure a static URL filter entry for download
عرض الإجابة
اجابة صحيحة: CD
السؤال #15
Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, as well as the firewall policy and IP pool configuration on the FortiGate device. Two PCs, PC1 and PC2, are connected behind FortiGate and can access the internet successfully. However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the internet. Based on the information shown in the exhibit, which two configuration options can the administrator use to fix the connectivit
A. In the firewall policy configuration, add 10
B. In the IP pool configuration, set endip to 192
C. Configure another firewall policy that matches only the address of PC3 as source, and then place the policy on top of the list
D. In the IP pool configuration, set type to overload
عرض الإجابة
اجابة صحيحة: BD
السؤال #16
Refer to the exhibit. Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?
A. All traffic from a source IP to a destination IP is sent to the same interface
B. Traffic is sent to the link with the lowest latency
C. Traffic is distributed based on the number of sessions through each interface
D. All traffic from a source IP is sent to the same interface
عرض الإجابة
اجابة صحيحة: A
السؤال #17
FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface. In this scenario, what are two requirements for the VLAN ID? (Choose two.)
A. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in the same subnet
B. The two VLAN subinterfaces can have the same VLAN ID, only if they belong to different VDOMs
C. The two VLAN subinterfaces must have different VLAN IDs
D. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses indifferent subnets
عرض الإجابة
اجابة صحيحة: ABC
السؤال #18
Refer to the exhibit. Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?
A. All traffic from a source IP to a destination IP is sent to the same interface
B. Traffic is sent to the link with the lowest latency
C. Traffic is distributed based on the number of sessions through each interface
D. All traffic from a source IP is sent to the same interface
عرض الإجابة
اجابة صحيحة: A
السؤال #19
Refer to the exhibits, which show the firewall policy and the security profile for Facebook. Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts. Which part of the configuration must you change to resolve the issue?
A. Get the additional application signatures required to add to the security policy
B. Add Facebook to the URL category in the security policy
C. Disable HTTP redirect to HTTPS on the web browser
D. Make the SSL inspection a deep content inspection
عرض الإجابة
اجابة صحيحة: D
السؤال #20
Examine the exhibit, which shows a firewall policy configured with multiple security profiles. Which two security profiles are handled by the IPS engine? (Choose two.)
A. Web Filtercorrect
B. IPScorrect
C. AntiVirus
D. Application Controlcorrect
عرض الإجابة
اجابة صحيحة: ABD
السؤال #21
Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)
A. FortiGate SN FGVM010000065036 HA uptime has been reset
B. FortiGate devices are not in sync because one device is down
C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime
D. FortiGate SN FGVM010000064692 has the higher HA priority
عرض الإجابة
اجابة صحيحة: AD
السؤال #22
Which two statements about antivirus scanning in a firewall policy set to proxy-based inspection mode, are true? (Choose two.)
A. A file does not need to be buffered completely before it is moved to the antivirus engine for scanning
B. The client must wait for the antivirus scan to finish scanning before it receives the file
C. FortiGate sends a reset packet to the client if antivirus reports the file as infected
D. If a virus is detected, a block replacement message is displayed immediately
عرض الإجابة
اجابة صحيحة: ABD
السؤال #23
Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?
A. Downstream devices can connect to the upstream device from any of their VDOMs
B. Each VDOM in the environment can be part of a different Security Fabric
C. VDOMs without ports with connected devices are not displayed in the topology
D. Security rating reports can be run individually for each configured VDOM
عرض الإجابة
اجابة صحيحة: C
السؤال #24
Refer to the exhibit. Why did FortiGate drop the packet?
A. 11 matched an explicitly configured firewall policy with the action DENY
B. The next-hop IP address is unreachable
C. It matched the default implicit firewall policy
D. It failed the RPF check
عرض الإجابة
اجابة صحيحة: C
السؤال #25
Examine the exhibit, which shows a firewall policy configured with multiple security profiles. Which two security profiles are handled by the IPS engine? (Choose two.)
A. Web Filtercorrect
B. IPScorrect
C. AntiVirus
D. Application Controlcorrect
عرض الإجابة
اجابة صحيحة: ABD
السؤال #26
Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)
A. If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based
B. If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP
C. If SD-WAN is disabled, you configure the load balancing algorithm in config system settings
D. If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode
عرض الإجابة
اجابة صحيحة: AD
السؤال #27
View the exhibit. A user at 192.168.32.15 is trying to access the web server at 172.16.32.254. Which two statements best describe how the FortiGate will perform reverse path forwarding (RPF) checks on this traffic? (Choose two.)
A. Strict RPF check will deny the traffic
B. Loose RPF check will allow the traffic
C. Strict RPF check will allow the traffic
D. Loose RPF check will deny the traffic
عرض الإجابة
اجابة صحيحة: ABC
السؤال #28
Refer to the exhibit. Which statement about the configuration settings is true?
A. When a remote user accesses http://10
B. When a remote user accesses https://10
C. When a remote user accesses https://10
D. The settings are invalid
عرض الإجابة
اجابة صحيحة: B
السؤال #29
Refer to the exhibit. The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router. When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time, the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output. Based on the information shown in the e
A. Configure a loopback interface with address 203
B. In the VIP configuration, enable arp-reply
C. Enable port forwarding on the server to map the external service port to the internal service port
D. In the firewall policy configuration, enable match-vip
عرض الإجابة
اجابة صحيحة: B
السؤال #30
What does the command diagnose debug fsso-polling refresh-user do?
A. It refreshes all users learned through agentless polling
B. It displays status information and some statistics related to the polls done by FortiGate on each D
C. It refreshes user group information from any servers connected to FortiGate using a collector agent
D. It enables agentless polling mode real-time debug
عرض الإجابة
اجابة صحيحة: A

View The Updated Fortinet Exam Questions

SPOTO Provides 100% Real Fortinet Exam Questions for You to Pass Your Fortinet Exam!

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: