Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

Mode Selection

Question 1

Question 2

Question 3

Examine the output of the "˜get router info bgp summary' command shown in the exhibit; then answer the question below.

Question 4

Examine the following partial output from a sniffer command; then answer the question below.

Question 5

A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

Question 6

Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?

A Diagnose debug application radius -1.
B Diagnose debug application fnbamd -1.
C Diagnose authd console ""log enable.
D Diagnose radius console ""log enable.

Question 7

Examine the output of the "˜diagnose sys session list expectation' command shown in the exhibit; than answer the question below.

Question 8

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both
VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

A Router ID.
B OSPF interface area.
C OSPF interface cost.
D OSPF interface MTU.
E Interface subnet mask.

Question 9

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug: diagnose debug application ike-1 diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

A Phase1; IKE mode configuration; XAuth; phase 2.
B Phase1; XAuth; IKE mode configuration; phase2.
C Phase1; XAuth; phase 2; IKE mode configuration.
D Phase1; IKE mode configuration; phase 2; XAuth.

Question 10

Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

A Group ID.
B Group name.
C Session pickup.
D Gratuitous ARPs.

Question 11

When does a RADIUS server send an Access-Challenge packet?

A The server does not have the user credentials yet.
B The server requires more information from the user, such as the token code for two-factor authentication.
C The user credentials are wrong.
D The user account is not found in the server.

Question 12

Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)
.
B. The FortiGuard license for the primary unit is updated.
C. One of the monitored interfaces in the primary unit is disconnected.
D. A secondary unit is removed from the HA cluster.

Question 13

The logs in a FSSO collector agent (CA) are showing the following error: failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?

A The CA cannot resolve the name of the workstation.
B The FortiGate cannot resolve the name of the workstation.
C The remote registry service is not running in the workstation 192.168.12.232.
D The CA cannot reach the FortiGate with the IP address 192.168.12.232.

Question 14

Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

A SIP session helper runs in the kernel; SIP ALG runs as a user space process.
B SIP ALG supports SIP HA failover; SIP helper does not.
C SIP ALG supports SIP over IPv6; SIP helper does not.
D SIP ALG can create expected sessions for media traffic; SIP helper does not.
E SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Question 15

Examine the following partial output from a sniffer command; then answer the question below.

diagnose sniff packet any icmp 4

interfaces=[any]
filters=[icmp]
2.101199 wan2 in 192.168.1.110 -> 4.2.2.2: icmp: echo request
2.1011400 wan1 out 172.17.87.16 -> 4.2.2.2: icmp: echo request
.....
2.123500 wan2 out 4.2.2.2 -> 192.168.1.110: icmp: echo reply
244 packets received by filter
5 packets dropped by kernel
What is the meaning of the packets dropped counter at the end of the sniffer?

A Number of packets that didn’t match the sniffer filter.
B Number of total packets dropped by the FortiGate.
C Number of packets that matched the sniffer filter and were dropped by the FortiGate.
D Number of packets that matched the sniffer filter but could not be captured by the sniffer.

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 3 • Questions 1-25 of 71

1 2 3

→

Know a question that should be here? Contribute to this exam

A FortiGate device has the following LDAP configuration:
config user ldap
edit "WindowsLDAP"
set server "10.0.1.10"
set cnid "cn"
set dn "cn=Users, dc=trainingAD, dc=training, dc=lab"
set type regular
set username "dc=trainingAD, dc=training, dc=lab"
set password xxxxxxx
next
end
The administrator executed the 'dsquery' command in the Windows LDAP server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?

A cnid.
B username.
C password.
D dn.

Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands: diagnose vpn ike log-filter src-addr4 10.0.10.1 diagnose debug application ike -1 diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn't there any output?

A The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.
B The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.
C The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
D The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

Which statements are true regarding the output in the exhibit? (Choose two.)

A BGP state of the peer 10.125.0.60 is Established.
B BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
C Local BGP peer has not received an OpenConfirm from 10.200.3.1.
D The local BGP peer has received a total of 3 BGP prefixes.

What is the meaning of the packets dropped counter at the end of the sniffer?

A Number of packets that didn't match the sniffer filter.
B Number of total packets dropped by the FortiGate.
C Number of packets that matched the sniffer filter and were dropped by the FortiGate.
D Number of packets that matched the sniffer filter but could not be captured by the sniffer.

What should the administrator check to fix the problem?

A The connectivity between the FortiGate unit and the DNS server.
B The connectivity between the client workstations and the DNS server.
C That DNS traffic from client workstations is allowed by the explicit web proxy policies.
D That DNS service is enabled in the explicit web proxy interface.

Which statement is true regarding the session in the exhibit?

A It was created by the FortiGate kernel to allow push updates from FotiGuard.
B It is for management traffic terminating at the FortiGate.
C It is for traffic originated from the FortiGate.
D It was created by a session helper or ALG.