Refer to the exhibit, which contains the output of a debug command.
If the default settings are in place, what can you conclude about the conserve mode shown in the exhibit?
A. FortiGate is currently blocking new sessions that require flow-based or proxy-based content inspection.
B. FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings because of high memory use.
C. FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions.
D. FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection.
Refer to the exhibit, which shows the omitted output of a real-time OSPF debug.
Which statement is false?
A. A password has been configured on the local OSPF router but is not shown in the output.
B. The Hello packet is being sent from an OSPF router with ID 0.0.0.112.
C. The two FortiGate devices attempting adjacency are in area 0.0.0.0.
D. One FortiGate device is configured to require authentication, while the other is not.
Which two conditions would prevent a static route from being added to the routing table? (Choose two.)
A. The next-hop IP address is unreachable.
B. The interface specified in the route configuration is down.
C. The route has a lower priority value than another route to the same destination.
D. There is another route to the same destination, with a lower distance.
What are two functions of automation stitches? (Choose two.)
A. You can configure automation stitches on any FortiGate device in a Security Fabric environment.
B. You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
C. An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.
D. You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.
What is the diagnose test application ipsmonitor 5 command used for?
A. To disable the IPS engine
B. To provide information regarding IPS sessions
C. To restart all IPS engines and monitors
D. To enable IPS bypass mode
Refer to the exhibit, which shows the output of diagnose sys session stat.
Which statement about the output shown in the exhibit is correct?
A. All the sessions in the session table are TCP sessions.
B. 162 sessions have been deleted because of memory page exhaustion.
C. There are 166 TCP sessions waiting to complete the three-way handshake.
D. There are two sessions that have not been removed in case of any out-of-order packets that arrive.
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command. Based on the output, which two statements are correct? (Choose two.)
A. Anti-replay is enabled.
B. The npu_flag for this tunnel is 03.
C. The npu_flag for this tunnel is 02.
D. Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.
Refer to the exhibit, which contains the output of diagnose vpn tunnel list.
Which command will capture ESP traffic for the VPN named DialUp_0?
A. diagnose sniffer packet any 'host 10.0.10.10'
B. diagnose sniffer packet any 'ip proto 50'
C. diagnose sniffer packet any 'esp and host 10.200.3.2'
D. diagnose sniffer packet any 'port 4500'
Refer to the exhibit, which shows the output of get router info ospf neighbor.
What can you conclude from the command output?
A. The local FortiGate is not a DROther.
B. All neighbors are in area 0.0.0.0.
C. The local FortiGate is the BDR.
D. The network type connecting the local FortiGate and OSPF neighbor 0.0.0.10 is point-to-point.
Refer to the exhibit, which shows the output of a BGP debug command.
Which statement explains why the state of the 10.200.3.1 peer is Connect?
A. The local router initiated the BGP session to 10.200.3.1 but did not receive a response.
B. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.
C. The router 10.200.3.1 has authentication configured for BGP and the local router does not.
D. The local router has a different AS number than the remote peer.
Refer to the exhibit, which shows the modified output of the routing kernel.
Which statement is true?
A. The BGP route to 10.0.4.0/24 is not in the forwarding information base.
B. The default static route through port2 is in the forwarding information base.
C. The default static route through 10.200.1.254 is not in the forwarding information base.
D. The egress interface associated with static route 8.8.8.8/32 is administratively up.
Which statement is correct regarding LDAP authentication using the regular bind type?
A. The regular bind type goes through four steps to successfully authenticate a user.
B. The regular bind type cannot be used if users are authenticated using sAMAccountName.
C. The regular bind type is the easiest bind type to configure on FortiOS.
D. The regular bind type requires a FortiGate super_admin account.
Which statement about IKE and IKE NAT-T is true?
A. IKE is used to encapsulate ESP traffic in some situations, and IKE NAT-T is used only when the local FortiGate is using NAT on the IPsec interface.
B. IKE is the standard implementation for IKEv1 and IKE NAT-T is an extension added in IKEv2.
C. They each use their own IP protocol number.
D. They both use UDP as their transport protocol and the port number is configurable.
Refer to the exhibit, which shows the omitted output of diagnose npu np6 port-list on a FortiGate 1500D.
An administrator is unable to analyze traffic flowing between port1 and port7 using the diagnose sniffer command.
Which two commands allow the administrator to view the traffic? (Choose two.)
A. diagnose npu np6 port-list disable 5 17
B.
C. diagnose npu np6 fastpath disable 0
D.
Refer to the exhibit.
FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.
Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24?
A. Enable asymmetric routing under config system settings.
B. Modify the default gateway on the laptop from 10.1.0.2 to 10.2.0.2.
C. A firewall policy that allows all ICMP traffic from port3 to port1.
D. Change the configuration from strict RPF check mode to feasible RPF check mode.
Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?
A. FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
B. FortiGate uses the CN information from the Subject field in the server certificate.
C. FortiGate uses the first entry listed in the SAN field in the server certificate.
D. FortiGate uses the SNI from the user’s web browser.
Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.
If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?
A. The session would be deleted, and the client would need to start a new session.
B. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
C. The session would remain in the session table, and its traffic would egress from port2.
D. The session would remain in the session table, and its traffic would egress from port1.
Refer to the exhibit, which shows two entries that were generated in the FSSO collector agent logs.
What three conclusions can you draw from these log entries? (Choose three.)
A. Remote registry is not running on the workstation.
B. The FortiGate firmware version is not compatible with that of the collector agent.
C. DNS resolution is unable to resolve the workstation name.
D. The user’s status shows as “not verified” in the collector agent.
E. A firewall is blocking traffic to port 139 and 445.
Refer to the exhibits.
An administrator is attempting to advertise the network configured on port3. However, FGT-A is not receiving the prefix.
Which two actions can the administrator take to fix this problem? (Choose two.)
A. Restart BGP using a soft reset, which forces both peers to exchange their complete BGP routing tables.
B. Manually add the BGP route on FGT-A.
C. Modify the prefix using the network command from 172.16.0.0/16 to 172.16.54.0/24.
D. Use the set network-import-check disable command.
Refer to the exhibit, which shows a truncated output of a real-time RADIUS debug.
Which two statements are true? (Choose two.)
A. The RADIUS server queried for authentication is located at IP address 172.25.188.164.
B. Authentication was unsuccessful.
C. The authentication scheme used was pop3.
D. Authentication was successful.
E. Two-factor authentication was required.
Refer to the exhibit, which shows the omitted output of FortiOS kernel slabs.
Which statement is true?
A. The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.
B. The total slab size of the ip6_session slab is 1300 kB and is associated with the kernel.
C. The total slab size of the sctp_session slab is 0 kB and is associated with the user space.
D. The total slab size of the ip_session slab is 3600 kB and is associated with the user space.
Refer to the exhibit, which shows a partial output of the fssod daemon real-time debug command.
What two conclusions can you draw from the output? (Choose two.)
A. FSSO is using agentless polling mode to detect logon events.
B. The workstation with IP 10.124.2.90 will be polled frequently using TCP port 445 to see if the user is still logged on.
C. The logon event can be seen on the collector agent installed on Windows.
D. FSSO is using DC agent mode to detect logon events.
Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)
A. OSPF link costs match.
B. OSPF interface priority settings are unique.
C. OSPF interface network types match.
D. Authentication settings match.
E. OSPF router IDs are unique.
Refer to the exhibit, which shows a session table entry.
Which statement about FortiGate behavior relating to this session is true?
A. FortiGate forwarded this session without any inspection.
B. FortiGate is performing a security profile inspection using the CPU.
C. FortiGate redirected the client to the captive portal to authenticate, so that a correct policy match could be made.
D. FortiGate applied only IPS inspection to this session.
Refer to the exhibit, which contains partial output from an IKE real-time debug.
The administrator does not have access to the remote gateway.
Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?
A. In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.
B. In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.
C. In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.
D. In the phase 1 network configuration, set the IKE version to 2.