Refer to the exhibit.
Partial output of FortiOS kernel slabs
The partial output of FortiOS kernel slabs is shown.
Which statement about total slab size is true?
A. The total slab size of the ip6_session slab is 1472 kB and is associated with the kernel.
B. The total slab size of the ip_session slab is 14080 kB and is associated with the user space.
C. The total slab size of the UDPv6 slab is 14080 kB and is associated with the user space.
D. The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.
Refer to the exhibit.
The partial output of diagnose sys session stat command is shown.
Which statement about the output shown in the exhibit is correct?
A. 27 sessions have expired but are still in the session table in case any out-of-order packets arrive.
B. 562 TCP sessions have their proto_state set to 01 if there is no inspection.
C. There have been 131072 recorded ephemeral sessions but there are no current ones.
D. 113 sessions have been dropped because of memory page exhaustion.
Refer to the exhibit.
The output of a BGP debug command is shown.
Why has the local router at 172.16.23.58 been unable to establish adjacency with its only neighbor?
A. The local router has not received an OPEN message from the neighbor.
B. There is no active route to the BGP neighbor.
C. The neighbor router has become unreachable, which is evident by the low ratio of messages received to messages sent.
D. The local router has not received a SYN/ACK packet from the neighbor.
Refer to the exhibit.
Debug output -
Which two statements about FortiGate behavior relating to this session are correct? (Choose two.)
A. FortiGate either initiated the session or the session terminates at FortiGate.
B. FortiGate redirected the client to the captive portal to authenticate so that a correct policy match could be made.
C. FortiGate forwarded this session without any inspection.
D. FortiGate is performing a security profile inspection using the CPU.
Which two protocol states indicate that traffic is bidirectional? (Choose two.)
A. proto_state=05 for a TCP session.
B. proto_state=01 for a TCP session.
C. proto_state=01 for a UDP session.
D. proto_state=00 for an ICMP session.
Refer to the exhibit.
VPN tunnel details -
Partial output of the get vpn ipsec tunnel details command is shown.
Based on the output, which two statements are correct? (Choose two.)
A. Anti-replay is enabled.
B. The npu_flag for this tunnel is 03.
C. The npu_flag for this tunnel is 02.
D. Different SPI values are a result of auto-negotiation being disabled for phase2 selectors.
Which two statements about Security Fabric communications are true? (Choose two.)
A. The default ports for FortiTelemetry and Neighbor Discovery can be modified.
B. Security Fabric communication is enabled by default among all Fortinet devices.
C. FortiTelemetry must be manually enabled on the FortiGate interface.
D. By default, the downstream FortiGate establishes a connection with the upstream FortiGate using TCP port 8013.
Refer to the exhibit.
High Availability configuration status
Which two statements about the output are true considering NGFW-1 and NGFW-2 have been up for a week? (Choose two.)
A. If a configuration change is made to the secondary FortiGate, the Configuration Status will not change.
B. If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.
C. If FGVM...649 is rebooted, FGVM...650 will become the primary FortiGate and retain that role, even after FGVM...649 rejoins the cluster.
D. If port7 becomes disconnected on the secondary FortiGate, both FortiGate devices will elect themselves as primary.
Refer to the exhibit.
Debug output -
The output of the command diagnose vpn tunnel list is shown.
Reviewing the debug command, what is the current status of the traffic flowing through the tunnel?
A. NP6 is handling the offloading.
B. The inbound IPsec SA was copied to the NPU.
C. The outbound IPsec SA was copied to the NPU.
D. The inbound and outbound IPsec SAs were copied to the NPU.
Refer to the exhibit.
Which three pieces of information does the diagnose sys top command provide? (Choose three.)
A. The miglogd daemon is running on CPU core ID 0.
B. The cmdbsvr process is occupying 2.4% of the total user memory space.
C. The diagnose sys top command has been running for 18 minutes.
D. If the newcli daemon continues to be in the R state, it will need to be manually restarted.
E. The miglogd daemon would be on top of the list, if the administrator pressed m on the keyboard.
Refer to the exhibit.
Real-time OSPF debug output -
Partial output of a real-time OSPF debug is shown.
Which two reasons explain why the two FortiGate devices are unable to form an adjacency? (Choose two.)
A. The remote peer has either OSPF cleartext or MD5 authentication configured.
B. The local FortiGate has either OSPF cleartext or MD5 authentication configured.
C. There is an OSPF authentication configuration mismatch.
D. The local FortiGate does not have OSPF authentication configured.
Refer to the exhibit.
Partial output of a diagnose command
The partial output of a diagnose command is shown.
Which two conclusions can you draw from the output shown in the exhibit? (Choose two.)
A. FortiGate will drop the expected traffic if it does not arrive within 23 seconds.
B. The packets that belong to this session are checked against firewall policy ID 25.
C. The TCP session is not established.
D. This is a pinhole session to allow traffic for a TCP protocol that dynamically assigns TCP ports.
Refer to the exhibit.
Debug output -
A partial output from an IKE real-time debug is shown.
The administrator does not have access to the remote gateway.
Based on the debug output, which two conclusions can you draw? (Choose two.)
A. There is a Diffie-Hellman group mismatch.
B. This is a phase1 negotiation.
C. The remote peer is the initiating peer.
D. This is a phase2 negotiation.
Refer to the exhibit.
The exhibit shows a session entry.
Which statement about this TCP session is true?
A. The session will expire in one second.
B. The session is offloaded using NP7.
C. Return traffic to the initiator is sent to 10.9.31.117.
D. It is a TCP session from 10.9.31.117 to 10.1.0.3.
What are two reasons you might see iprope_in_check() check failed, drop when using the debug flow? (Choose two.)
A. The packet was dropped because the trusted host list is misconfigured.
B. The packet was dropped because it is not allowed by any firewall policy.
C. The packet was dropped because the requested service is not enabled on FortiGate.
D. The packet was dropped because there is no route to the source.
Refer to the exhibit.
The administrator did not override the FortiGuard FQDN or IP address in the FortiGate configuration.
Which IP address did FortiGate get when resolving the service.fortiguard.net name?
A. 64.26.151.37
B. 209.22.147.36
C. 208.91.112.194
D. 96.45.33.65
Refer to the exhibits.
Partial configurations of two VPNs on FortiGate are shown.
An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovers that FortiGate is not matching the user-2 VPN for members of the Users-2 group.
Which two changes must the administrator make to fix the issue? (Choose two.)
A. Change to aggressive mode on both VPNs.
B. Enable XAuth on both VPNs.
C. Set up specific peer IDs on both VPNs.
D. Use different pre-shared keys on both VPNs.
Refer to the exhibit.
FortiGate is showing continuous high CPU usage. During a maintenance window, the CLI command diagnose sys top displays the output shown in the exhibit.
The CLI command diagnose test application ipsmonitor 5 was run, but the CPU usage by daemon ipsengine did not drop.
Which immediate action can you take to reduce the CPU usage effectively?
A. Reduce the number of IPS signatures enabled on the active IPS profiles.
B. Bypass all IPS engines.
C. Execute diagnose test application ipsmonitor 2 instead.
D. Disable IPS on all firewall policies.
Refer to the exhibit.
Network topology and a partial routing table
The network topology and a partial routing table are shown.
FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.
Which two changes can the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24? (Choose two.)
A. Modify the default gateway on the laptop from 10.1.0.2 to 10.1.0.254.
B. Change the FortiGate configuration from strict RPF check mode to feasible RPF check mode.
C. Enable asymmetric routing under config system settings.
D. Add a default static route on FortiGate to forward all traffic to port3.
Refer to the exhibits.
Exhibit 1 -
Exhibit 2 -
The configuration on FortiGate and partial internet session information from a user on the internal network are shown.
An administrator would like to test session failover between the two service provider connections.
Which two changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)
A. Modify the distance of the port1 route to 1.
B. Change the priority of the port1 static route to 11.
C. Configure set snat-route-change enable.
D. Change the priority of the port2 static route to 5.
Which two troubleshooting steps should you perform if you encounter issues with intermittent web filter behavior? (Choose two.)
A. Check that the correct port is mapped to HTTP in the Protocol Options.
B. Check that the communication between FortiGate and FortiGuard is stable.
C. Check that the inspection mode configured for the web filter profile matches that of the firewall policy where it is applied.
D. Check that FortiGate is not entering conserve mode.
Refer to the exhibit.
The output of diagnose sys session list command is shown.
If the HA ID for the primary device is 0, what happens if the primary fails and the secondary becomes the primary?
A. The session is synchronized with the secondary device, however, because application control is applied, the session is marked dirty and has to be re-evaluated after failover.
B. The session state is preserved but the kernel will re-evaluate the session because the routing information will be flushed.
C. The session will be removed from the session table of the secondary device because the TCP session is not yet fully established.
D. The session continues to permit traffic on the new primary device after failover, without requiring the client to restart the session with the server.
Refer to the exhibit.
An administrator deployed FSSO in DC Agent mode but FSSO is failing on FortiGate. Pinging FortiGate from where the collector agent is deployed is successful. The administrator then produces the debug output shown in the exhibit.
Which two components could be causing this error message? (Choose two.)
A. The collector agent preshared password is mismatched.
B. FortiGate and the collector agent are using different TCP ports.
C. The connection is blocked by the Windows firewall.
D. TCP port 445 is blocked between FortiGate and the collector agent.
Refer to the exhibit.
The sniffer logs on two FortiGate devices are shown.
Based on the information in the log, which two factors explain the output on FortiGate FGT-02?
A. The administrator configured the wrong remote peer IP address on FGT-01.
B. The administrator set the wrong sniffer filter on FGT-02.
C. The administrator has not yet configured the VPN tunnel on FGT-02.
D. A third-party device is blocking protocol 50.
A VPN tunnel is up. To monitor traffic flow, the administrator enters the following CLI commands on an SSH session on FortiGate:
diagnose debug enable
diagnose sniffer packet any 'udp and port 500' 4
However, the sniffer does not show any output.
Assuming default configuration values, what are two possible reasons there is no output? (Choose two.)
A. The sniffer output will be ignored because running diagnose debug enable shows only application real-time debugs.
B. NAT Traversal is enabled.
C. The sniffer must be restricted to the remote peer IP address.
D. The filter should be modified to also capture packets for TCP port 443 or TCP port 4500.