NEW QUESTION NO: 20

A FortiGate unit can provide which of the following capabilities? (Select all that apply.)
A. Mail server
B. Email filtering
C. Firewall
D. Mail relay
E. VPN gateway
Answer: B,C,E

NEW QUESTION NO: 21
Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit?
A. Packet encryption.
B. MIB-based report uploads.
C. SNMP access limited by access lists.
D. Running SNMP service on a non-standard port is possible.
Answer: A

NEW QUESTION NO: 22
The command structure of the FortiGate CLI consists of commands, objects, branches, tables, and parameters.
Which of the following items describes user?
A. A table
B. An object
C. A command
D. A parameter.
Answer: B

NEW QUESTION NO: 23
You wish to create a firewall policy that applies only to traffic intended for your web server. The web server has an IP address of 192.168.2.2 and a /24 subnet mask. When defining the firewall address for use in this policy, which one of the following addresses is correct?
A. 192.168.2.2 / 255.255.255.0
B. 192.168.2.2 / 255.255.255.255
C. 192.168.2.0 / 255.255.255.0
D. 192.168.2.0 / 255.255.255.255
Answer: B

NEW QUESTION NO: 24
Bob wants to send Alice a file that is encrypted using public key cryptography.
Which of the following statements is correct regarding the use of public key cryptography in this scenario?
A. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.
B. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
C. Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file
D. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file.
Answer: D

NEW QUESTION NO: 25
Examine the following CLI configuration:
config system session-ttl
set default 1800
end
What statement is true about the effect of the above configuration line?
A. Sessions can be idle for more than 1800 seconds.
B. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.
C. The maximum length of time a session can be open is 1800 seconds.
D. After 1800 seconds, the end user must re-authenticate.
Answer: A

NEW QUESTION NO: 26
Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function.
An administrator must assign a set of UTM features to a group of users. Which of the following is the correct method for doing this?
A. The administrator must apply the UTM features directly to a user object.
B. The administrator must enable the UTM features in an identify-based policy applicable to the user group.
C. Enable a set of unique UTM features under "Edit User Group".
D. When defining the UTM objects, the administrator must list the user groups which will use the UTM object.
Answer: B

NEW QUESTION NO: 27
In NAT/Route mode when there is no matching firewall policy for traffic to be forwarded by the Firewall, which of the following statements describes the action taken on traffic?
A. The traffic is blocked.
B. The traffic is passed and logged.
C. The traffic is passed.
D. The traffic is blocked and logged.
Answer: A

NEW QUESTION NO: 28
Because changing the operational mode to Transparent resets device (or vdom) to all defaults, which precautions should an Administrator take prior to performing this? (Select all that apply.)
A. Disconnect redundant cables to ensure the topology will not contain layer 2 loops.
B. Set the unit to factory defaults.
C. Backup the configuration.
D. Update IPS and AV files.
Answer: A,C

NEW QUESTION NO: 29
The Idle Timeout setting on a FortiGate unit applies to which of the following?
A. Administrator access
B. FTP connections
C. Web browsing
D. User authentication
E. Web filtering overrides
Answer: A

NEW QUESTION NO: 30
The FortiGate unit can be configured to allow authentication to a RADIUS server. The RADIUS server can use several different authentication protocols during the authentication process.
Which of the following are valid authentication protocols that can be used when a user authenticates to the RADIUS server? (Select all that apply.)
A. FAP (FortiGate Authentication Protocol)
B. CHAP (Challenge-Handshake Authentication Protocol)
C. PAP (Password Authentication Protocol)
D. MS-CHAP-V2 (Microsoft Challenge-Handshake Authentication Protocol v2)
E. MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol v1)
Answer: B,C,D,E

NEW QUESTION NO: 31
Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Choose two.)
A. Communication with the URL filter process.
B. The web client SSL handshake.
C. File buffering.
D. The web server SSL handshake.
Answer: B,D

NEW QUESTION NO: 32
Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?
A. TCP connection
B. Message headers
C. Message body
D. File attachments
Answer: A

NEW QUESTION NO: 33
A FortiGate unit is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received.
Which of the following statements are possible reasons for this? (Select all that apply.)
A. The FortiGate unit has not been registered.
B. There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network and no override push IP is configured.
C. The FortiGate unit is in Transparent mode which does not support push updates.
D. The external facing interface of the FortiGate unit is configured to use DHCP.
Answer: A,B,D

NEW QUESTION NO: 34
An administrator configures a FortiGate unit in Transparent mode on the 192.168.11.0 subnet. Automatic Discovery is enabled to detect any available FortiAnalyzers on the network.
Which of the following FortiAnalyzers will be detected? (Select all that apply.)
A. 192.168.11.100
B. 192.168.11.251
C. 192.168.10.100
D. 192.168.10.251
Answer: A,B

NEW QUESTION NO: 35
Which of the following statements are correct concerning layer 2 broadcast domains in transparent mode VDOMs?(Choose two)
A. Each VLAN is a separate broadcast domain.
B. All the interfaces in the same broadcast domain must use the same VLAN ID.
C. The whole VDOM is a single broadcast domain even when multiple VLAN are used.
D. Interfaces configured with the same VLAN ID can belong to different broadcast domains.
Answer: A,D

NEW QUESTION NO: 36
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit.

Which of the following statements is correct regarding this output? (Select one answer).
A. One tunnel is rekeying.
B. Two tunnels are rekeying.
C. Two tunnels are up.
D. One tunnel is up.
Answer: C

NEW QUESTION NO: 37
Which of the following Fortinet products can receive updates from the FortiGuard Distribution Network?
(Select all that apply.)
A. FortiGate
B. FortiClient
C. FortiMail
D. FortiAnalyzer
Answer: A,B,C

NEW QUESTION NO: 38
Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device.
Exhibit A:

Exhibit B:

Given the information provided in the exhibits, which of the following statements are correct? (Choose two.)
A. The cluster mode is active-passive.
B. Session-pickup is likely to be enabled.
C. There is not enough information to determine the cluster mode.
D. STUDENT is likely to be the master device.
Answer: C,D

NEW QUESTION NO: 39
Examine at the output below from the diagnose sys top command:

Which statements are true regarding the output above? (Choose two.)
A. The sshd process is the one consuming most CPU.
B. The command diagnose sys kill miglogd will restart the miglogd process.
C. All the processes listed are in sleeping state.
D. The sshd process is using 123 pages of memory.
Answer: A,C

NEW QUESTION NO: 40
Which of the following are valid FortiGate device interface methods for handling DNS requests? (Select all that apply.)
A. Forward-only
B. Recursive
C. Non-recursive
D. Iterative
E. Conditional-forward
Answer: A,B,C