Examine the IPS sensor configuration shown in the exhibit, and then answer the question below
What are the expected actions if traffic matches this IPS sensor? (Choose two.) The sensor will gather a packet log for all matched traffic. The sensor will not block attackers matching the A32S.Botnet signature. The sensor will block all attacks for Windows servers. The sensor will reset all connections that match these signatures.
Which Statements about virtual domains (VDOMs) arc true? (Choose two.) Transparent mode and NAT/Route mode VDOMs cannot be combined on the same Each VDOM can be configured with different system hostnames Different VLAN sub-interface of the same physical interface can be assigned to
different VDOMs. Each VDOM has its own routing table.
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces
added to the physical interface.
Which statements about the VLAN sub interfaces can have the same VLAN ID, only if they have IP
addresses in different subnets. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP
addresses in different subnets. The two VLAN sub interfaces must have different VLAN IDs. The two VLAN sub interfaces can have the same VLAN ID, only if they belong to
different VDOMs. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP
addresses in the same subnet.
Examine the two static routes shown in the exhibit, then answer the following question.
Which of the following is the expected FortiGate behavior regarding these two routes to the same
destination? FortiGate will load balance all traffic across both routes. FortiGate will use the port1 route as the primary candidate. FortiGate will route twice as much traffic to the port2 route FortiGate will only actuate the port1 route in the routing table.
Which two statements are true about the Security Fabric rating? (Choose two.) It provides executive summaries of the four largest areas of security focus Many of the security issues can be fixed immediately by clicking Apply where available The Security Fabric rating must be run on the root FortiGate device in the Security Fabric The Security Fabric rating is a free service that comes bundled with all FortiGate devices.
What devices form the core of the security fabric? One FortiGate device and one FortiManager device One FortiGate device and one FortiAnalyzer device Two FortiGate devices and one FortiManager device Two FortiGate devices and one FortiAnalyzer device.
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue ¡is in neither the physical layer nor the link layer? (Choose
three.) diagnose sys top execute traceroute get system arp diagnose sniffer packet any execute ping.
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate? Intrusion prevention system engine Detection engine Antivirus engine Flow engine.
Why did FortiGate drop the packet? It matched an explicitly configured firewall policy with the action DENY. It failed the RPF check. The next-hop IP address is unreachable. It matched the default implicit firewall policy.
Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?
10.4.200.0/30 is directly connected, port2 0.0.0.0/0 [20/0] via 10.4.200.2, port2 172.16.0.0/16 [50/0] via 10.4.200.2, port2 [5/0] 172.16.32.0/24 is directly connected, port1.
Which of the following route attributes must be equal for static routes to be eligible for equal cost
multipath (ECMP) routing? (Choose two.) Priority Metric Distance Cost.
An employee connects to the https://example.com on the Internet using a web browser. The web
server ’ s certificate was signed by a private internal CA. The FortiGate that is inspecting this traffic is
configured for full SSL inspection.
This exhibit shows the configuration settings for the SSL/SSH inspection profile that is applied to the
policy that is invoked in this instance. All other settings are set to defaults. No certificates have been
imported into FortiGate. View the exhibit and answer the question that follows.
Which certificate is presented to the employee ’ s web browser? The web server ’ s certificate. The user’ s personal certificate signed by a private internal CA. A certificate signed by Fortinet_CA_SSL. A certificate signed by Fortinet_CA_Untrusted.
Which of the following statements about converse mode are true? (Choose two.) FortiGate stops sending files to FortiSandbox for inspection. FortiGate stops doing RPF checks over incoming packets. Administrators cannot change the configuration. Administrators can access the FortiGate only through the console port.
Which one of the following processes is involved in updating IPS from FortiGuard? FortiGate IPS update requests are sent using UDP port 443 Protocol decoder update requests are sent to service.fortiguard.net IPS signature update requests are sent to update.fortiguard.net. IPS engine updates can only be obtained using push updates.
Which of the following FortiGate configuration tasks will create a route in the policy route table?
(Choose two.) Static route created with a Named Address object Static route created with an Internet Services object SD-WAN route created for individual member interfaces SD-WAN rule created to route traffic based on link latency.
Examine the network diagram shown in the exhibit, and then answer the following question:
A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ensure both
port1 and port3 links are used at the same time for all traffic destined for 172.20.2.0/24. Which of
the following static routes will satisfy this requirement on FGT1? (Choose two.)
172.20.2.0/24 (1/0) via 10.10.1.2, port1 [0/0] 172.20.2.0/24 (25/0) via 10.30.3.2, port3 [5/0] 172.20.2.0/24 (25/0) via 10.10.1.2, port1 [5/0] 172.20.2.0/24 (1/150) via 10.30.3.2, port3 [10/0].
|
