ERASED TEST, YOU MAY BE INTERESTED ON efw
COMMENTS | STATISTICS | RECORDS |
---|
TAKE THE TEST
Title of test:
efw Description: seven letters Author: webcrafter Other tests from this author Creation Date: 08/10/2024 Category: Entertainment Number of questions: 57 |
Share the Test:
New Comment
No comments about this test.
Content:
Refer to the exhibit, which contains a TCL script configuration on FortiManager.
An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being
run.
Why did the TCL script fail to make any changes to the managed device?
A. The TCL procedure run_cmd has not been created. B. The TCL script must start with #include. C. There is no corresponding #! to signify the end of the script. D. The TCL procedure lacks the required loop statements to iterate through the changes. You want to improve reliability over a lossy IPSec tunnel. Which combination of IPSec phase 1 parameters should you configure? A. fec-ingress and fsc-egrsss B. dpd and dpd-retryinterval C. fragmentation and fragmentation-mtu D. keepalive and keylive. How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.) A. When run on the Device Database, changes are applied directly to the managed FortiGate device. B. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation. C. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history. D. When run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device. Refer to the exhibit, which contains a partial configuration of the global system. What can you conclude from this output? A. Only NPs are disabled B. Only CPs are disabled C. NPs and CPs are enabled D. NPs and CPs are disabled. Refer to the exhibits, which show the configurations of two address objects from the same FortiGate. Engineering address object - Finance address object - Why can you modify the Engineering address object, but not the Finance address object? A. You have read-only access. B. Another user is editing the Finance address object in workspace mode. C. FortiGate joined the Security Fabric and the Finance address object was configured on the root FortiGate. D. FortiGate is registered on FortiManager. Which two statements about the neighbor-group command are true? (Choose two.) A. It applies common settings in an OSPF area B. You can apply it in Internal BGP (IBGP) and External BGP (EBGP) C. You can configure it on the GUI D. It is combined with the neighbor-range parameter. Refer to the exhibit, which contains information about an IPsec VPN tunnel. What two conclusions can you draw from the command output? (Choose two.) A. Dead peer detection is set to enable B. The IKE version is 2 C. Both IPsec SAs are loaded on the kernel D. Forward error correction in phase 2 is set to enable. Which two statements about IKE version 2 fragmentation are true? (Choose two.) A. Only some IKE version 2 packets are considered fragmentable B. The reassembly timeout default value is 30 seconds C. It is performed at the IP layer D. The maximum number of IKE version 2 fragments is 12. An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. What can the administrator do to fix this problem? A. Configure set link-failed-signal enable under config system ha on both cluster members B. Configure set send-garp-on-failover enable under config system ha on both cluster members C. Configure remote link monitoring to detect an issue in the forwarding path. D. Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch port. Refer to the exhibit, which shows the output of a BGP summary. What two conclusions can you draw from this BGP summary? (Choose two.) A. The BGP session with peer 10.127.0.75 is established. B. External BGP (EBGP) exchanges routing information. C. The router 100.64.3.1 has the parameter bfd set to enable. D. The neighbors displayed are linked to a local router with the neighbor-range set to a value of . Refer to the exhibit, which shows a custom signature. Which two modifications must you apply to the configuration of this custom signature so that you can save it on FortiGate? (Choose two.) A. Ensure that the header syntax is F-SBID. B. Add severity. C. Add attack_id. D. Start options with --. What are two functions of automation stitches? (Choose two.) A. Automation stitches can be created to run diagnostic commands and email the results when CPU or memory usage exceeds specified thresholds. B. An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions. C. Automation stitches can be configured on any FortiGate device in a Security Fabric environment. D. An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action. Refer to the exhibit which shows config system central-management information. Which setting must you configure for the web filtering feature to function? A. Set update-server-location to automatic B. Add server.fortiguard.net to the Server list C. Configure securewf.fortiguard.net on the default servers D. Configure server-type with the rating option. Which two statements about the Security Fabric are true? (Choose two.) A. FortiGate uses the FortiTelemetry protocol to communicate with FortiAnalyzer B. Only the root FortiGate sends logs to FortiAnalyzer C. Only FortiGate devices with configuration-sync set to default receive and synchronize global CMDB objects that the root FortiGate sends D. Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer. Refer to the exhibit which shows two configured FortiGate devices and peering over FGSP. The main link directly connects the two FortiGate devices and is configured using the set session-syn-dev <interface> command. What is the primary reason to configure the main link A. To have only configuration synchronization in layer 3 B. To load balance both sessions and configuration synchronization between layer 2 and 3 C. To have both sessions and configuration synchronization in layer 3 D. To have both sessions and configuration synchronization in layer 2. Refer to the exhibit, which shows a network diagram. Which protocol should you use to configure the FortiGate cluster? A. FGCP in active-passive mode B. FGCP in active-active mode C. FGSP D. VRRP. After enabling IPS, you receive feedback about traffic being dropped. What could be the reason? A. IPS is configured to monitor. B. np-accel-node is set to enable. C. fail-open is set to disable. D. traffic-submit is set to disable. Refer to the exhibit which shows an ADVPN network. Which VPN phase 1 parameters must you configure on the hub for the ADVPN feature to function? (Choose two.) A. set auto-discovery-sender enable B. set auto-discovery-receiver enable C. set add-route enable D. set auto-discovery-forwarder enable. Which two statements about metadata variables are true? (Choose two.) A. The metadata format is $<metadata_variable_name>. B. You create them on FortiGate. C. They can be used as variables in scripts. D. They apply only to non-firewall objects. Refer to the exhibits, which contain the network topology and BGP configuration for a hub. Exhibit A. Exhibit B. An administrator is trying to configure ADVPN with a hub and spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over iBGP; however the spokes are not receiving route information from each other. What change must the administrator make to the hub BGP configuration so that the routes learned from one spoke are forwarded to the other spoke? A. Configure the hub as a route reflector B. Configure auto-discovery-sender on the hub C. Add a prefix list to the hub that permits routes to be shared between the spokes D. Enable route redistribution under config router bgp. Refer to the exhibit, which contains a partial VPN configuration. What can you conclude from this configuration? A. FortiGate creates separate virtual interfaces for each dial-up client B. The VPN should use the dynamic routing protocol to exchange routing information through the tunnels C. Dead peer detection is disabled D. The routing table shows a single IPSec virtual interface. Refer to the exhibit which shows information about an OSPF interface. What two conclusions can you draw from this command output? (Choose two.) A. The interfaces of the OSPF routers match the MTU value that is configured as 1500. B. NGFW-1 is the designated router. C. The port3 network has more than one OSPF router. D. The OSPF routers are in the area ID of 0.0.0.1. Which two statements about the BFD parameter in BGP are true? (Choose two.) A. It detects only two-way failures. B. The two routers must be connected to the same subnet. C. It allows failure detection in less than one second. D. It is supported for neighbors over multiple hops. You created a VPN community using VPN Manager on FortiManager. You also added gateways to the VPN community. Now you are trying to create firewall policies to permit traffic over the tunnel; however, the VPN interfaces do not appear as available options. What step must you take to resolve this issue? A. Refresh the device status using the Device Manager so that FortiGate populates the IPSec interfaces. B. Install the VPN community and gateway configuration on the FortiGate devices so that the VPN interfaces appear on the Policy Objects on FortiManager. C. Configure the phase 1 settings in the VPN community that you didn’t initially configure. FortiGate automatically generates the interfaces after you configure the required settings. D. Create interface mappings for the IPsec VPN interfaces before you use them in a policy. Refer to the exhibit, which shows a central management configuration. Which server will FortiGate choose for web filter rating requests, if 10.0.1.240 is experiencing an outage? A. 10.0.1.244 B. 10.0.1.242 C. Public FortiGuard servers D. 10.0.1.243. Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true? A. Only the DR receives link state information from non-DR routers. B. Non-DR and non-BDR routers form full adjacencies to DR only. C. FortiGate first checks the OSPF ID to elect a DR. D. Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6. Refer to the exhibit, which contains a partial policy configuration. Which setting must you configure to allow SSH? A. Specify SSH in the Service field. B. Select an application control profile corresponding to SSH in the Security Profiles section. C. Include SSH in the Application field. D. Configure port 22 in the Protocol Options field. Refer to the exhibit, which shows an SSL certification inspection configuration. Which action does FortiGate take if the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate? A. FortiGate uses the first entry listed in the SAN field in the server certificate B. FortiGate uses the CN information from the Subject field in the server certificate C. FortiGate uses the SNI from the user's web browser. D. FortiGate closes the connection because this represents an invalid SSL/TLS configuration. Refer to the exhibit, which contains a partial OSPF configuration. What can you conclude from this output? A. Neighbors maintain communication with the restarting router. B. The restarting router sends gratuitous ARP for 30 seconds. C. FortiGate restarts if the topology changes. D. The router sends grace LSAs before it restarts. Refer to the exhibit, which contains an ADVPN network diagram and a partial BGP configuration. Network diagram - Partial BGP configuration - Which two parameters should you configure in config neighbor-range? (Choose two.) A. set neighbor-group advpn B. set route-reflector-client enable C. set prefix 10.1.0 255.255.254.0 D. set prefix 172.16.1.0 255.255.255.0. You want to have faster detection for OSPF. Which parameter should you enable on both connected FortiGate devices? A. distribute-list-in B. rfc1583-compatible C. restart-on-topology-change D. bfd. Refer to the exhibit, which provides information on BGP neighbors. What can you conclude from this command output? A. You must change the AS number to match the remote peer. B. BGP is attempting to establish a TCP connection with the BGP peer. C. The bfd configuration is set to enable. D. The routers are in the same area ID of 0.0.0.0. Which two statements about ADVPN are true? (Choose two.) A. The hub adds routes based on IKE negotiations. B. You must configure phase 2 quick mode selectors to 0.0.0.0 0.0.0.0. C. All FortiGate devices must be in the same autonomous system (AS). D. You must disable add-route in the hub. Which statement about network processor (NP) offloading is true? A. The NP checks the session key or IPSec SA. B. The NP provides IPS signature matching. C. You can disable the NP for each firewall policy using the command np-acceleration set to loose. D. For TCP traffic, FortiGate CPU offloads the first packets of SYN/ACK and ACK of the three-way handshake to NP. Refer to the exhibit, which shows an error in system fortiguard configuration. What is the reason you cannot set the protocol to udp in config system fortiguard? A. udp is not a protocol option. B. fortiguard-anycast is set to enable. C. You do not have the corresponding write access. D. FortiManager provides FortiGuard. Refer to the exhibit, which contains an active-active load balancing scenario. During the traffic flow, the primary FortiGate forwards the SYN packet to the secondary FortiGate. What is the destination MAC address or addresses when packets are forwarded from the primary FortiGate to the secondary FortiGate? A. Secondary virtual MAC port1 then physical MAC port1 B. Secondary virtual MAC port1 C. Secondary physical MAC port1 D. Secondary physical MAC port1 then virtual MAC port2 . Which configuration can be used to reduce the number of BGP sessions in an IBGP network? A. route-reflector-peer enable B. route-reflector-server enable C. route-reflector-client enable D. route-reflector enable. In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two.) A. It can be configured as an update server, a rating server, or both. B. It caches available firmware updates for unmanaged devices. C. It supports rating requests from non-FortiGate devices. D. It provides VM license validation services. Refer to the exhibit, which shows a partial web filter profile configuration. What can you conclude from this configuration about access to www.facebook.com, which is categorized as Social Networking? A. The access is blocked, based on the URL Filter configuration. B. The access is blocked, based on the Content Filter configuration. C. The access is allowed, based on the FortiGuard Category Based Filter configuration. D. The access is blocked if the local or the public FortiGuard server does not reply. Refer to the exhibit, which shows an ADVPN network. The client behind Spoke-1 generates traffic to the device located behind Spoke-2. Which first message does the hub send to Spoke-1 to bring up the dynamic tunnel? A. Shortcut forward B. Shortcut reply C. Shortcut query D. Shortcut offer. Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.) A. OSPF interface network types match. B. OSPF interface priority settings are unique. C. OSPF router IDs are unique. D. OSPF link costs match. E. Authentication settings match. Refer to the exhibit, which shows a partial routing table. What two conclusions can you draw from the corresponding FortiGate configuration? (Choose two.) A. OSPF is configured to run over IPSec. B. net-device is enabled in the tunnel IPSec phase 1 configuration. C. IPSec tunnel aggregation is configured. D. add-route is disabled in the tunnel IPSec phase 1 configuration. Which two statements about bfd are true? (Choose two.) A. You must configure it globally only. B. You can disable it at the protocol level. C. It can support neighbors only over the next hop in BGP. D. It works for OSPF and BGP. Refer to the exhibit, which contains a partial BGP configuration. You want to configure a loopback as the BGP source. Which two parameters must you set in the BGP configuration? (Choose two.) A. ebgp-enforce-multihop B. recursive-next-hop C. ibgp-enforce-multihop D. update-source. You want to configure faster failure detection for BGP. Which parameter should you enable on both connected FortiGate devices? A. graceful-restart B. distribute-list-in C. ebgp-enforce-multihop D. bfd. You configured an address object on the root FortiGate in a Security Fabric. This object is not synchronized with a downstream device. Which two reasons could be the cause? (Choose two.) A. The downstream FortiGate has fabric-object-unification set to local. B. The root FortiGate has configuration-sync set to enable. C. The address object on the root FortiGate has fabric-object set to disable. D. The downstream FortiGate has configuration-sync set to local. Refer to the exhibit, which contains a CLI script configuration on FortiManager. An administrator configured the CLI script on FortiManager, but the script failed to apply any changes to the managed device after being executed. What are two reasons why the script did not make any changes to the managed device? (Choose two.) A. CLI scripts must start with #!. B. Static routes can be added using only TCL scripts. C. Incomplete commands can cause CLI scripts to fail. D. The commands that start with the # sign did not run. Refer to the exhibit, which shows the output from the webfilter fortiguard cache dump and webfilter categories commands. Using the output, how can an administrator determine the category of the training.fortinet.com website? A. The administrator can look up the hex value of 34 in the second command output. B. The administrator must convert the first two digits of the Domain hex value to a decimal value. C. The administrator must convert the first three digits of the IP hex value to binary. D. The administrator must add both the Domain and IPhex values of 34 to get the category number. Refer to the exhibit, which contains the partial ADVPN configuration of a spoke. Which two parameters must you configure on the corresponding single hub? (Choose two.) A. set auto-discovery-receiver enable B. set auto-discovery-sender enable C. set ike-version 2 D. set auto-discovery-forwarder enable. You want to block access to the website www.eicar.org using a custom IPS signature. Which custom IPS signature should you configure? A. F-SBID ( --name “detect_eicar”; --protocol udp; --service ssl; --flow from_client; --pattern “www.eicar.org”; --no_case; --context host;) B. F-SBID ( --name “eicar”; --protocol udp; --flow from_server; --pattern “eicar”; --context host;) C. F-SBID ( --name “detect_eicar”; --protocol tcp; --service dns; --flow from_server; --pattern “eicar”; --no_case;) D. F-SBID ( --name “eicar”; --protocol tcp; --service HTTP; --flow from_client; --pattern “www.eicar.org”; --no_case; --context host;). Refer to the exhibit, which shows a network diagram. Which IPSec phase 2 configuration should you implement so that only one remote site is connected at any time? A. Set net-device to enable. B. Set route-overlap to allow. C. Set single-source to enable. D. Set route-overlap to either use-new or use-old. Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels? A. Enable AD-VPN in IPsec phase 1 B. Configure IP addresses on IPsec virtual interfaces C. Set protected network to all D. Disable add-route on hub. Refer to the exhibit, which contains the partial interface configuration of two FortiGate devices. Which two conclusions can you draw from this configuration? (Choose two.) A. The VRRP domain uses the physical MAC address of the primary FortiGate. B. On failover, new primary device uses the same MAC address as the old primary. C. 10.1.5.254 is the default gateway of the internal network. D. By default, FortiGate-B is the primary virtual router. Which two statements about IKE version 2 are true? (Choose two.) A. It supports the XAuth protocol. B. Phase 1 includes main mode. C. It exchanges a minimum of four messages to establish a secure tunnel. D. It supports the extensible authentication protocol (EAP). Which FortiGate in a Security Fabric sends logs to FortiAnalyzer? A. Only the root FortiGate. B. Each FortiGate in the Security Fabric. C. The FortiGate devices performing network address translation (NAT) or unified threat management (UTM), if configured. D. Only the last FortiGate that handled a session in the Security Fabric. Refer to the exhibit, which shows a routing table. What two options can you configure in OSPF to block the advertisement of the 10.1.10.0 prefix? (Choose two.) A. Configure a route-map-out. B. Disable Redistribute Connected. C. Configure a distribute-list-out. D. Remove the 10.1.10.0 prefix from the OSPF network. Which two statements about ADVPN are true? (Choose two.) A. auto-discovery-receiver must be set to enable on the spokes. B. Spoke-to-spoke traffic never goes through the hub. C. It supports NAT for on-demand tunnels. D. Routing is configured by enabling add-advpn-route. |
Report abuse