لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
How does FortiGate act when using SSL VPN in web mode?
A. FortiGate acts as an FDS server
B. FortiGate acts as an HTTP reverse proxy
عرض الإجابة
اجابة صحيحة: B
السؤال #2
An administrator wants to configure timeouts for users. Regardless of the userTMs behavior, the timer should start as soon as the user authenticates and expire after the configured value. Which timeout option should be configured on FortiGate?
A. auth-on-demand
B. soft-timeout C
E. hard-timeout
عرض الإجابة
اجابة صحيحة: E
السؤال #3
The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?
A. Change password
B. Enable restrict access to trusted hosts C
عرض الإجابة
اجابة صحيحة: C
السؤال #4
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. * All traffic must be routed through the primary tunnel when both tunnels are up * The secondary tunnel must be used only if the primary tunnel goes down * In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)
A. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel
عرض الإجابة
اجابة صحيحة: BC
السؤال #5
Refer to the web filter raw logs. Based on the raw logs shown in the exhibit, which statement is correct?
A. Social networking web filter category is configured with the action set to authenticate
B. The action on firewall policy ID 1 is set to warning
عرض الإجابة
اجابة صحيحة: A
السؤال #6
Which scanning technique on FortiGate can be enabled only on the CLI?
A. Heuristics scan
B. Trojan scan
C. Antivirus scan
D. Ransomware scan
عرض الإجابة
اجابة صحيحة: A
السؤال #7
Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
A. The IPS engine was inspecting high volume of traffic
B. The IPS engine was unable to prevent an intrusion attack
عرض الإجابة
اجابة صحيحة: A
السؤال #8
An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.)
A. Interface name
B. Ethernet header C
E. Packet payload
عرض الإجابة
اجابة صحيحة: ACE
السؤال #9
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
A. FortiGuard web filter cache
B. FortiGate hostname C
عرض الإجابة
اجابة صحيحة: CD
السؤال #10
By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuardservers. Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?
A. set fortiguard-anycast disable
B. set webfilter-force-off disable C
عرض الإجابة
اجابة صحيحة: A
السؤال #11
Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)
A. Administrators can access FortiGate only through the console port
B. FortiGate has entered conserve mode
عرض الإجابة
اجابة صحيحة: BD
السؤال #12
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?
A. Disabled
B. On Demand C
عرض الإجابة
اجابة صحيحة: D
السؤال #13
Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?
A. The security actions applied on the web applications will also be explicitly applied on the thirdparty websites
B. The application signature database inspects traffic only from the original web application server
عرض الإجابة
اجابة صحيحة: D
السؤال #14
You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk. What is the default behavior when the local disk is full?
A. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%
B. No new log is recorded until you manually clear logs from the local disk
C. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%
D. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%
عرض الإجابة
اجابة صحيحة: C
السؤال #15
Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)
A. There are five devices that are part of the security fabric
B. Device detection is disabled on all FortiGate devices
عرض الإجابة
اجابة صحيحة: CD
السؤال #16
When configuring a firewall virtual wire pair policy, which following statement is true?
A. Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same
B. Only a single virtual wire pair can be included in each policy
عرض الإجابة
اجابة صحيحة: A
السؤال #17
Which statement about video filtering on FortiGate is true?
A. Full SSL Inspection is not required
B. It is available only on a proxy-based firewall policy
عرض الإجابة
اجابة صحيحة: B
السؤال #18
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.) A.System time
B. FortiGuaid update servers C
عرض الإجابة
اجابة صحيحة: CD
السؤال #19
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded. What is the reason for the failed virus detection by FortiGate?
A. The website is exempted from SSL inspection
B. The EICAR test file exceeds the protocol options oversize limit
عرض الإجابة
اجابة صحيحة: AD
السؤال #20
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict? A.get system status
B. get system performance status C
عرض الإجابة
اجابة صحيحة: A
السؤال #21
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
A. NGFW policy-based mode does not require the use of central source NAT policy
B. NGFW policy-based mode can only be applied globally and not on individual VDOMs C
عرض الإجابة
اجابة صحيحة: CD
السؤال #22
An administrator has configured the following settings: What are the two results of this configuration? (Choose two.)
A. Device detection on all interfaces is enforced for 30 minutes
B. Denied users are blocked for 30 minutes
عرض الإجابة
اجابة صحيحة: D
السؤال #23
Which contains a session diagnostic output. Which statement is true about the session diagnostic output?
A. The session is in SYN_SENT state
B. The session is in FIN_ACK state
عرض الإجابة
اجابة صحيحة: A
السؤال #24
Which three statements explain a flow-based antivirus profile? (Choose three.)
A. IPS engine handles the process as a standalone
B. FortiGate buffers the whole file but transmits to the client simultaneously
E. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection
عرض الإجابة
اجابة صحيحة: BDE
السؤال #25
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.) A.SSH B.HTTPS C.FTM D.FortiTelemetry
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two. A
عرض الإجابة
اجابة صحيحة: AB
السؤال #26
Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)
A. The port3 default route has the highest distance
B. The port3 default route has the lowest metric
عرض الإجابة
اجابة صحيحة: AD
السؤال #27
Which two statements explain antivirus scanning modes? (Choose two.)
A. In proxy-based inspection mode, files bigger than the buffer size are scanned
B. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client
عرض الإجابة
اجابة صحيحة: BC
السؤال #28
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B). Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?
A. The firewall policy performs the full content inspection on the file
B. The flow-based inspection is used, which resets the last packet to the user
عرض الإجابة
اجابة صحيحة: B
السؤال #29
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
A. On HQ-FortiGate, enable Auto-negotiate
B. On Remote-FortiGate, set Seconds to 43200
عرض الإجابة
اجابة صحيحة: B
السؤال #30
Refer to the exhibits. Exhibit
A. Exhibit
B. An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric
A. Change the csf setting on Local-FortiGate (root) to set configuration-sync local
B. Change the csf setting on ISFW (downstream) to set configuration-sync local
عرض الإجابة
اجابة صحيحة: C
السؤال #31
Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)
A. There are five devices that are part of the security fabric
B. Device detection is disabled on all FortiGate devices
عرض الإجابة
اجابة صحيحة: CD
السؤال #32
Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
A. The IPS engine was inspecting high volume of traffic
B. The IPS engine was unable to prevent an intrusion attack
عرض الإجابة
اجابة صحيحة: A
السؤال #33
What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?
A. Full Content inspection
B. Proxy-based inspection
C. Certificate inspection
D. Flow-based inspection
عرض الإجابة
اجابة صحيحة: D

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.