Refer to the exhibit, which shows a partial troubleshooting command output.
An administrator is extensively using IPsec on FortiGate. Many tunnels show information similar to the output shown in the exhibit.
What can the administrator conclude?
AIPsec SAs cannot be offloaded.
BThe two IPsec SAs, inbound and outbound, are copied to the NPU.
COnly the outbound IPsec SA is copied to the NPU.
DOnly the inbound IPsec SA is copied to the NPU.
Refer to the exhibit, which shows an ADVPN network
An administrator must configure an ADVPN using IBGP and EBGP to connect overlay network 1 with 2.
What two options must the administrator configure in BGP? (Choose two.)
Aset ebgp-enforce-multrhop enable
Bset next-hop-self enable
Cset ibgp-enforce-multihop advpn
Dset attribute-unchanged next-hop
Refer to the exhibit, which shows the ADVPN IPsec interface representing the VPN IPsec phase 1 from Hub A to Spoke 1 and Spoke 2, and from Hub В to Spoke 3 and Spoke 4.
An administrator must configure an ADVPN using IBGP and EBGP to connect overlay network 1 with 2.
What must the administrator configure in the phase 1 VPN IPsec configuration of the ADVPN tunnels?
Aset auto-discovery-sender enable and set network-id x
Bset auto-discovery-forwarder enable and set remote-as x
Cset auto-discovery-crossover enable and set enforce-multihop enable
Dset auto-discovery-receiver enable and set npu-offload enable
Refer to the exhibit, which shows a network diagram showing the addition of site 2 with an overlapping network segment to the existing VPN IPsec connection between the hub and site 1.
Which IPsec phase 2 configuration must an administrator make on the FortiGate hub to enable equal-cost multi-path (ECMP) routing when multiple remote sites connect with overlapping subnets?
ASet route-overlap to either use-new or use-old
BSet net-device to ecmp
CSet single-source to enable
DSet route-overlap to allow
An administrator is checking an enterprise network and sees a suspicious packet with the MAC address e0:23:ff:fc:00:86.
What two conclusions can the administrator draw? (Choose two.)
AThe suspicious packet is related to a cluster that has VDOMs enabled.
BThe network includes FortiGate devices configured with the FGSP protocol.
CThe suspicious packet is related to a cluster with a group-id value lower than 255.
DThe suspicious packet corresponds to port 7 on a FortiGate device.
Refer to the exhibits. The exhibits show a network topology, a firewall policy, and an SSL/SSH inspection profile configuration.
Why is FortiGate unable to detect HTTPS attacks on firewall policy ID 3 targeting the Linux server?
AThe administrator must set the policy to inspection mode to analyze the HTTPS packets as expected.
BThe administrator must enable HTTPS in the protocol port mapping of the deep- inspection SSL/SSH inspection profile.
CThe administrator must enable SSL inspection of the SSL server and upload the certificate of the Linux server website to the SSL/SSH inspection profile.
DThe administrator must enable cipher suites in the SSL/SSH inspection profile to decrypt the message.
An administrator needs to install an IPS profile without triggering false positives that can impact applications and cause problems with the user's normal traffic flow.
Which action can the administrator take to prevent false positives on IPS analysis?
AUse the IPS profile extension to select an operating system, protocol, and application for all the network internal services and users to prevent false positives.
BEnable Scan Outgoing Connections to avoid clicking suspicious links or attachments that can deliver botnet malware and create false positives.
CUse an IPS profile with action monitor, however, the administrator must be aware that this can compromise network integrity.
DInstall missing or expired SSL/TLS certificates on the client PC to prevent expected false positives.
Refer to the exhibit, which contains the partial output of an OSPF command.
An administrator is checking the OSPF status of a FortiGate device and receives the output shown in the exhibit.
What two conclusions can the administrator draw? (Choose two.)
AThe FortiGate device is a backup designated router
BThe FortiGate device is connected to multiple areas
CThe FortiGate device injects external routing information
DThe FortiGate device has OSPF ECMP enabled
An administrator must standardize the deployment of FortiGate devices across branches with consistent interface roles and policy packages using FortiManager.
What is the recommended best practice for interface assignment in this scenario?
AEnable metadata variables to use dynamic configurations in the standard interfaces of FortiManager.
BUse the Install On feature in the policy package to automatically assign different interfaces based on the branch.
CCreate interfaces using device database scripts to use them on the same policy package of FortiGate devices.
DCreate normalized interface types per-platform to automatically recognize device layer interfaces based on the FortiGate model and interface name.
What is the initial step performed by FortiGate when handling the first packets of a session?
AInstallation of the session key in the network processor (NP)
BData encryption and decryption
CSecurity inspections such as ACL, HPE, and IP integrity header checking
DOffloading the packets directly to the content processor (CP)
Refer to the exhibit, which shows an ADVPN network.
The client behind Spoke-1 generates traffic to the device located behind Spoke-2.
What is the first message that the hub sends to Spoke-1 to bring up the dynamic tunnel?
Preview
