Refer to the exhibit.
Answer : BD
References:
https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/761085/results https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/736125/security-fabric-topology
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
Answer : A
Explanation:
Dialup user is used when the remote peer's IP address is unknown. The remote peer whose IP address is unknown acts as the dialup clien and this is often the case for branch offices and mobile VPN clients that use dynamic IP address and no dynamic DNS
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?
Answer : C
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40813
Which three statements about a flow-based antivirus profile are correct? (Choose three.)
Answer : BDE
Reference:
https://forum.fortinet.com/tm.aspx?m=192309
An administrator has configured a strict RPF check on FortiGate.
Which statement is true about the strict RPF check?
Answer : B
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD33955
Refer to the exhibit.
Answer : A
Refer to the exhibit.
Answer : AC
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
Answer : AD
Reference:
https://www.reddit.com/r/fortinet/comments/c7j6jg/recommended_ssl_cert/
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?
Answer : B
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)
Answer : BC
Reference:
https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/995103/building-security-into-fortios
Refer to the exhibit.
Answer : CD
Which statement about the policy ID number of a firewall policy is true?
Answer : D
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
Answer : AB
Refer to the exhibits.
Exhibit A.
Answer : D
Explanation:
The lock logo behind Facebook_like.Button indicates that SSL Deep Inspection is Required.
When configuring a firewall virtual wire pair policy, which following statement is true?
Answer : C
Have any questions or issues ? Please dont hesitate to contact us