A static route is configured for a FortiGate unit from the CLI using the following commands:
    config router static
        edit 1
            set device "wan1"
            set distance 20
            set gateway 192.168.100.1
        next
    end
Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit's routing table?
You must disable DHCP client on that interface.
Which of the following represents the correct order of criteria used for the selection of a Master unit within a FortiGate High Availability (HA) cluster when master override is disabled?
1. port monitor, 2. up time, 3. unit priority, 4. serial number
Which of the following items are considered to be advantages of using the application control features on the FortiGate unit? Application control allows an administrator to:
set a unique session-ttl for select applications.
When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option. What is a valid reason for using the Full Search option, instead?
The search items you are looking for are not contained in indexed log fields.
How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)
File Type: Archive(zip)
File Name: "*.pptx", "*.docx", "*.xlsx"
When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating?
Which of the following represents the method used on a FortiGate unit running FortiOS version 4.2 to apply traffic shaping to P2P traffic, such as BitTorrent?
Apply a Traffic Shaper to a BitTorrent entry in an Application Control List.
Which of the following DLP actions will override any other action?
When configuring a server load balanced virtual IP, which of the following is the best distribution algorithm to be used in applications where the same physical destination server must be maintained between sessions?
Which of the following statements is correct regarding the NAC Quarantine feature?
NAC quarantine allows administrators to isolate clients whose network activity poses a security risk.
Based on the configuration settings displayed below, which of the following statements are correct?
    config system session-ttl
        set default 7200
        config port
            edit 540
                set timeout 3600
            next
        end
    end
Select all that apply.
The default session-ttl for all TCP ports is 7200 seconds.
The default session-ttl does not apply to ICMP and UDP.
The session-ttl for TCP 540 is 3600 seconds.
An administrator has formed a High Availability cluster involving two FortiGate 310B units. [Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ] The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster. Which of the following options describes the best step the administrator can take? The administrator should...
set up a full-mesh design which uses redundant interfaces.
In Transparent Mode, forward-domain is an attribute of ______________.
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)
Using a hub and spoke topology simplifies configuration because fewer tunnels are required.
The routing at a spoke is simpler, compared to a meshed node.
Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.)
The device this command is executed on is likely to switch from master to slave status if master override is disabled.
This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.
Which of the following statements best describes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?
The proxy buffers the entire file from the client, only sending the file to the server if the file is clean. One possible consequence of buffering is that the server could time out.
Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?
The FortiGate unit uses the health check monitor to verify the availability of a web cache server.
Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.)
    config ips sensor
        edit "LINUX_SERVER"
            set comment ''
            set replacemsg-group ''
            set log enable
            config entries
                edit 1
                    set action default
                    set application all
                    set location server
                    set log enable
                    set log-packet enable
                    set os Linux
                    set protocol all
                    set quarantine none
                    set severity all
                    set status default
                next
            end
        next
    end
The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature.
The sensor only filters which IPS signatures to apply to the selected firewall policy.
Both the FortiGate and FortiAnalyzer units can notify administrators when certain alert conditions are met. Considering this, which of the following statements is NOT correct?
On a FortiAnalyzer device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.
With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent. If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)
The login event is sent to the Collector Agent.
The Collector Agent performs the DNS lookup for the authenticated client's IP address.
Which of the following report templates must be used when scheduling report generation?
Data filter template
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity. The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI.
    C:\>ping 10.0.1.1
    Pinging 10.0.1.1 with 32 bytes of data:
    Reply from 10.0.1.1: bytes=32 time=1ms TTL=255
    Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.1: bytes=32 time<1ms TTL=255

    user1 # get system interface
    == [ internal ]
    name: internal mode: static ip: 10.0.1.254 255.255.255.128 status: up netbios-forward: disable type: physical mtu-override: disable
    == [ vlan1 ]
    name: vlan1 mode: static ip: 10.0.1.1 255.255.255.128 status: up netbios-forward: disable type: vlan mtu-override: disable

    user1 # diagnose debug flow trace start 100
    user1 # diagnose debug ena
    user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
    id=20085 trace_id=274 msg="vd-root received a packet (proto=6, 10.0.1.130:47927->10.0.1.1:443) from internal."
    id=20085 trace_id=274 msg="allocate a new session-00000b1b"
    trace_id=274 msg="find SNAT: IP-10.0.1.1, port-43798"
    id=20085 trace_id=274 msg="iprope_in_check() check failed, drop"
Based on output from these commands, which of the following explanations is a possible cause of the problem?
The FortiGate unit does not have the HTTPS service configured on the VLAN1 interface.
Which of the following describes the difference between the ban and quarantine actions?
A ban action prevents future transactions using the same protocol which triggered the ban. A quarantine action blocks all future transactions, regardless of the protocol.
Which of the following features could be used by an administrator to block FTP uploads while still allowing FTP downloads?
Data Leak Prevention
An issue could potentially occur when clicking Connect to start tunnel mode SSL VPN. The tunnel will start up for a few seconds, then shut down. Which of the following statements best describes how to resolve this issue?
This FortiGate unit may have multiple Internet connections. To avoid this problem, use the appropriate CLI command to bind the SSL VPN connection to the original incoming interface.
When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option. What is a valid reason for using the Full Search option, instead?
The search items you are looking for are not contained in indexed log fields.
WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?
The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule.
Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit?
Antivirus scanning supports grayware protection.
Which of the following cannot be used in conjunction with the endpoint compliance check?
HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.
The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.)
An FSAE Domain Controller Agent must be installed on every domain controller.
The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
Which of the following statements correctly describes the deep scan option for HTTPS?
When deep scan is disabled, only the web server certificate is inspected; no decryption of content occurs.
Identify the statement which correctly describes the output of the following command: diagnose ips anomaly list
List the real-time counters for the configured DoS policy.
The Host Check feature can be enabled on the FortiGate unit for SSL VPN connections. When this feature is enabled, the FortiGate unit probes the remote host computer to verify that it is “safe” before access is granted. Which of the following items is NOT an option as part of the Host Check feature?
Microsoft Windows Firewall software
In which of the following report templates would you configure the charts to be included in the report?
In the Tunnel Mode widget of the web portal, the administrator has configured an IP Pool and enabled split tunneling. Which of the following statements is true about the IP address used by the SSL VPN client?
The IP pool specified in the SSL-VPN Tunnel Mode Widget Options will override the IP address range defined in the SSL-VPN Settings.
Identify the correct properties of a partial mesh VPN deployment:
VPN tunnels are not configured between every single location.
Some locations are reached via a hub location.
Which of the following statements are correct regarding the configuration of a FortiGate unit as an SSL VPN gateway? (Select all that apply.)
In order to apply a portal to a user, that user must belong to an SSL VPN user group.
The portal settings specify whether the connection will operate in web-only or tunnel mode.
Which of the following statements is not correct regarding virtual domains (VDOMs)?
A backup management VDOM will synchronize the configuration from an active management VDOM.
SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?
No file buffering is needed since a stream-based approach is used for SSL content inspection.
An administrator is examining the attack logs and notices the following entry:
    device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52 dst=188.8.131.52 src_int=internal serial=0 status=clear_session proto=6 service=http vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protect-servers ref=http://www.fortinet.com/ids/VID100663402 msg="anomaly: tcp_src_session, 2 > threshold 1" policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A user=N/A group=N/A
Based solely upon this log message, which of the following statements is correct?
This attack was caught by the DoS sensor "protect-servers".
Which of the following statements is correct about configuring web filtering overrides?
Using Web Filtering Overrides requires the use of Firewall Policy Authentication.
A FortiGate unit is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root. Which of the following items would an administrator logging in using this account NOT be able to configure?
FortiGuard Distribution Network configuration
In order to load-share traffic using multiple static routes, the routes must be configured with ...
the same distance and same priority.
An administrator has formed a High Availability cluster involving two FortiGate 310B units. [ Multiple upstream Layer 2 switches ] - [ FortiGate HA Cluster ] - [ Multiple downstream Layer 2 switches ] The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster. Which of the following options describes the best step the administrator can take? The administrator should...
set up a full-mesh design which uses redundant interfaces.
Which spam filter is not available on a FortiGate device?
Spam grey listing
In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?
Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server
Which of the following statements are correct regarding Application Control?
Application Control is based on the IPS engine.
Application Control can be applied to SSL encrypted traffic.
Which of the following statements best describes how to configure a FortiGate unit to protect against IP address spoofing?
No additional configuration is required as IP address spoofing protection is handled by reverse routing lookups.
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?
Which of the following statements is correct about how the FortiGate unit verifies username and password during user authentication?
An administrator can define a local account for which the password must be verified by querying a remote server.