لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded. What is the reason for the failed virus detection by FortiGate?
A. The website is exempted from SSL inspection
B. The EICAR test file exceeds the protocol options oversize limit
C. The selected SSL inspection profile has certificate inspection enabled
D. The browser does not trust the FortiGate self-signed CA certificate
عرض الإجابة
اجابة صحيحة: A
السؤال #2
Refer to the exhibits. The exhibits show a network diagram and firewall configurations. An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. Remote-User1 must be able to access the Webserver. Remote-User2 must not be able to access the Webserver. In this scenario, which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)
A. Disable match-vip in the Deny policy
B. Set the Destination address as Deny_IP in the Allow-access policy
C. Enable match vip in the Deny policy
D. Set the Destination address as Web_server in the Deny policy
عرض الإجابة
اجابة صحيحة: D
السؤال #3
An employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?
A. idle-timeout
B. login-timeout
C. udp-idle-timer
D. session-ttl
عرض الإجابة
اجابة صحيحة: BD
السؤال #4
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)
A. DNS
B. ping
C. udp-echo
D. TWAMP
عرض الإجابة
اجابة صحيحة: D
السؤال #5
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating for the home page? (Choose two.)
A. www
B. www
C. example
D. www
عرض الإجابة
اجابة صحيحة: CD
السؤال #6
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
A. Add the support of NTLM authentication
B. Add user accounts to Active Directory (AD)
C. Add user accounts to the FortiGate group fitter
D. Add user accounts to the Ignore User List
عرض الإجابة
اجابة صحيحة: AD
السؤال #7
Refer to the exhibit, which contains a static route configuration. An administrator created a static route for Amazon Web Services. Which CLI command must the administrator use to view the route?
A. get router info routing-table database
B. diagnose firewall route list
C. get internet-service route list
D. get router info routing-table all
عرض الإجابة
اجابة صحيحة: CD
السؤال #8
Which contains a session list output. Based on the information shown in the exhibit, which statement is true?
A. Destination NAT is disabled in the firewall policy
B. One-to-one NAT IP pool is used in the firewall policy
C. Overload NAT IP pool is used in the firewall policy
D. Port block allocation IP pool is used in the firewall policy
عرض الإجابة
اجابة صحيحة: D
السؤال #9
Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?
A. diagnose wad session list
B. diagnose wad session list | grep hook-pre&&hook-out
C. diagnose wad session list | grep hook=pre&&hook=out
D. diagnose wad session list | grep "hook=pre"&"hook=out"
عرض الإجابة
اجابة صحيحة: CD
السؤال #10
Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
A. The IPS engine was inspecting high volume of traffic
B. The IPS engine was unable to prevent an intrusion attack
C. The IPS engine was blocking all traffic
D. The IPS engine will continue to run in a normal state
عرض الإجابة
اجابة صحيحة: D
السؤال #11
By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?
A. set fortiguard-anycast disable
B. set webfilter-force-off disable
C. set webfilter-cache disable
D. set protocol tcp
عرض الإجابة
اجابة صحيحة: A
السؤال #12
The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device. Which two actions does FortiGate take on internet traffic sourced from the subscribers? (Choose two.)
A. FortiGate allocates port blocks per user, based on the configured range of internal IP addresses
B. FortiGate allocates port blocks on a first-come, first-served basis
C. FortiGate generates a system event log for every port block allocation made per user
D. FortiGate allocates 128 port blocks per user
عرض الإجابة
اجابة صحيحة: BC
السؤال #13
Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)
A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate
B. The client FortiGate requires a manually added route to remote subnets
C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN
D. The server FortiGate requires a CA certificate to verify the client FortiGate certificate
عرض الإجابة
اجابة صحيحة: B
السؤال #14
Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)
A. Administrators can access FortiGate only through the console port
B. FortiGate has entered conserve mode
C. FortiGate will start sending all files to FortiSandbox for inspection
D. Administrators cannot change the configuration
عرض الإجابة
اجابة صحيحة: D
السؤال #15
- (Exam Topic 2) Which statement about the IP authentication header (AH) used by IPsec is true?
A. AH does not provide any data integrity or encryption
B. AH does not support perfect forward secrecy
C. AH provides data integrity bur no encryption
D. AH provides strong data integrity but weak encryption
عرض الإجابة
اجابة صحيحة: CD
السؤال #16
Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)
A. The port3 default route has the lowest metric
B. The port1 and port2 default routes are active in the routing table
C. The ports default route has the highest distance
D. There will be eight routes active in the routing table
عرض الإجابة
اجابة صحيحة: A
السؤال #17
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, which configuration change will bring phase 2 up?
A. On Remote-FortiGate, set Seconds to 43200
B. On HQ-FortiGate, set Encryption to AES256
C. On HQ-FortiGate, enable Diffie-Hellman Group 2
D. On HQ-FortiGate, enable Auto-negotiate
عرض الإجابة
اجابة صحيحة: B
السؤال #18
An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection. Which FortiGate configuration can achieve this goal?
A. SSL VPN bookmark
B. SSL VPN tunnel
C. Zero trust network access
D. SSL VPN quick connection
عرض الإجابة
اجابة صحيحة: B
السؤال #19
Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
A. To allow for out-of-order packets that could arrive after the FIN/ACK packets
B. To finish any inspection operations
C. To remove the NAT operation
D. To generate logs
عرض الإجابة
اجابة صحيحة: B
السؤال #20
- (Exam Topic 2) Examine the two static routes shown in the exhibit, then answer the following question. Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?
A. FortiGate will load balance all traffic across both routes
B. FortiGate will use the port1 route as the primary candidate
C. FortiGate will route twice as much traffic to the port2 route
D. FortiGate will only actuate the port1 route in the routing table
عرض الإجابة
اجابة صحيحة: CD
السؤال #21
An administrator configures outgoing interface any in a firewall policy. What is the result of the policy list view?
A. Search option is disabled
B. Policy lookup is disabled
C. By Sequence view is disabled
D. Interface Pair view is disabled
عرض الإجابة
اجابة صحيحة: C
السؤال #22
On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?
A. System event logs
B. Forward traffic logs
C. Local traffic logs
D. Security logs
عرض الإجابة
اجابة صحيحة: ABE
السؤال #23
Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?
A. The signature setting uses a custom rating threshold
B. The signature setting includes a group of other signatures
C. Traffic matching the signature will be allowed and logged
D. Traffic matching the signature will be silently dropped and logged
عرض الإجابة
اجابة صحيحة: AC
السؤال #24
- (Exam Topic 2) Which scanning technique on FortiGate can be enabled only on the CLI?
A. Heuristics scan
B. Trojan scan
C. Antivirus scan
D. Ransomware scan
عرض الإجابة
اجابة صحيحة: A
السؤال #25
Examine this output from a debug flow: Why did the FortiGate drop the packet?
A. The next-hop IP address is unreachable
B. It failed the RPF check
C. It matched an explicitly configured firewall policy with the action DENY
D. It matched the default implicit firewall policy
عرض الإجابة
اجابة صحيحة: C
السؤال #26
Based on the ZTNA tag, the security posture of the remote endpoint has changed. What will happen to endpoint active ZTNA sessions?
A. They will be re-evaluated to match the endpoint policy
B. They will be re-evaluated to match the firewall policy
C. They will be re-evaluated to match the ZTNA policy
D. They will be re-evaluated to match the security policy
عرض الإجابة
اجابة صحيحة: A
السؤال #27
What are two features of collector agent advanced mode? (Choose two.)
A. In advanced mode, FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate
B. In advanced mode, security profiles can be applied only to user groups, not individual users
C. Advanced mode uses the Windows convention—NetBios: Domain\Username
D. Advanced mode supports nested or inherited groups
عرض الإجابة
اجابة صحيحة: AC
السؤال #28
Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?
A. It always authorizes the traffic without requiring authentication
B. It drops the traffic
C. It authenticates the traffic using the authentication scheme SCHEME2
D. It authenticates the traffic using the authentication scheme SCHEME1
عرض الإجابة
اجابة صحيحة: ADE
السؤال #29
In which two ways can RPF checking be disabled? (Choose two )
A. Enable anti-replay in firewall policy
B. Disable the RPF check at the FortiGate interface level for the source check
C. Enable asymmetric routing
D. Disable strict-arc-check under system settings
عرض الإجابة
اجابة صحيحة: BD

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: