Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Which two statements are true about collector agent standard access mode? (Choose two.)

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match. Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

Which two types of traffic are managed only by the management VDOM? (Choose two.)

Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B). Exhibit A Exhibit B Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

What devices form the core of the security fabric?

Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

An administrator must disable RPF check to investigate an issue. Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

Which three methods are used by the collector agent for AD polling? (Choose three.)

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

Which two statements are true about the RPF check? (Choose two.)

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address. An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies. The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication. How will FortiGate process the traffic when the HTTP r

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

Refer to the web filter raw logs. Based on the raw logs shown in the exhibit, which statement is correct?

Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

Refer to the exhibit, which contains a session diagnostic output. Which statement is true about the session diagnostic output?

Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover. Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)