NO.1 Which statement about the IP authentication header (AH) used by IPsec is true?
A. AH does not provide any data integrity or encryption.
B. AH does not support perfect forward secrecy.
C. AH provides data integrity but no encryption.
D. AH provides strong data integrity but weak encryption.
NO.2 An administrator needs to create an SSL-VPN connection for accessing an internal server usin
...[Show More]
NO.1 Which statement about the IP authentication header (AH) used by IPsec is true?
A. AH does not provide any data integrity or encryption.
B. AH does not support perfect forward secrecy.
C. AH provides data integrity but no encryption.
D. AH provides strong data integrity but weak encryption.
NO.2 An administrator needs to create an SSL-VPN connection for accessing an internal server using
the bookmark Port Forward. What step is required for this configuration?
A. Configure an SSL VPN realm for clients to use the port forward bookmark.
B. Configure the client application to forward IP traffic through FortiClient.
C. Configure the virtual IP address to be assigned t the SSL VPN users.
D. Configure the client application to forward IP traffic to a Java applet proxy.
NO.3 When override is enabled, which of the following shows the process and selection criteria that
are used to elect the primary FortiGate in an HA cluster?
A. Connected monitored ports > HA uptime > priority > serial number
B. Priority > Connected monitored ports > HA uptime > serial number
C. Connected monitored ports > priority > HA uptime > serial number
D. HA uptime > priority > Connected monitored ports > serial number
NO.4 Which statements about HA for FortiGate devices are true? (Choose two.)
A. Sessions handled by proxy-based security profiles cannot be synchronized.
B. Virtual clustering can be configured between two FortiGate devices that have multiple VDOMs.
C. HA management interface settings are synchronized between cluster members.
D. Heartbeat interfaces are not required on the primary device.
NO.5 What types of traffic and attacks can be blocked by a web application firewall (WAF) profile?
(Choose three.)
A. Traffic to botnet servers
B. Traffic to inappropriate web sites
C. Server information disclosure attacks
D. Credit card data leaks
E. SQL injection attacks
NO.6 Examine the exhibit, which contains a virtual IP and firewall policy configuration.
IT Certification Guaranteed, The Easy Way!
2
The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP
address
10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy
is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the
IT Certification Guaranteed, The Easy Way!
3
IP address 10.0.1.10/24?
A. 10.200.1.10
B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
C. 10.200.1.1
D. 10.0.1.254
NO.7 Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)
A. The root VDOM is the management VDOM by default.
B. A FortiGate device has 64 VDOMs, created by default.
C. Each VDOM maintains its own system time.
D. Each VDOM maintains its own routing table.
NO.8 A team manager has decided that while some members of the team need access to particular
website, the majority of the team does not. Which configuration option is the most effective option
to support this request?
A. Implement a web filter category override for the specified website.
B. Implement web filter authentication for the specified website
C. Implement web filter quotas for the specified website.
D. Implement DNS filter for the specified website.
NO.9 Examine the network diagram and the existing FGTI routing table shown in the exhibit, and
then answer the following question:
An administrator has added the following static route on FGTI.
IT Certification Guaranteed, The Easy Way!
4
Since the change, the new static route is not showing up in the routing table. Given the information
provided, which of the following describes the cause of this problem?
A. The new route's destination subnet overlaps an existing route.
B. The new route's Distance value should be higher than 10.
C. The Gateway IP address is not in the same subnet as port1.
D. The Priority is 0, which means that this route will remain inactive.
NO.10 Which statement about DLP on FortiGate is true?
A. It can archive files and messages.
B. It can be applied to a firewall policy in a flow-based VDOM
C. Traffic shaping can be applied to DLP sensors.
D. Files can be sent to FortiSandbox for detecting DLP threats.
NO.11 Which statement is true regarding the policy ID number of a firewall policy?
A. Defines the order in which rules are processed.
B. Represents the number of objects used in the firewall policy.
C. Required to modify a firewall policy using the CLI.
D. Changes when firewall policies are reordered.
NO.12 What FortiGate components are tested during the hardware test? (Choose three.)
A. Administrative access
B. HA heartbeat
C. CPU
[Show Less]
