Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Refer to the exhibits.

The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device.

Based on the system performance output, what are the two possible outcomes? (Choose two.)

A.

FortiGate has entered conserve mode.

B.

Administrators can access FortiGate only through the console port.

C.

Administrators can change the configuration.

D.

FortiGate drops new sessions.

Refer to the exhibits.

An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW-2 is in the same subnet as HQ-ISFW. After configuring the Security Fabric settings on HQ-ISFW-2, the status staysPending.

What can be the two possible reasons? (Choose two.)

A.

Upstream FortiGate IP must be set to 10.0.11.254.

B.

SAML Single Sign-On must be set to Manual.

C.

HQ-ISFW-2 must be authorized on HQ-ISFW.

D.

Management IP must be set to 10.0.13.254.

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

A.

On BR1-FGT, set Seconds to 43200.

B.

On HQ-NGFW, enable Diffie-Hellman Group 2.

C.

On BR1-FGT, set Remote Address to 10.0.11.0/255.255.255.0

D.

On HQ-NGFW. set Encryption to AES256

An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period.

How can the administrator achieve the objective?

A.

Use IPS group signatures, set rate-mode 60.

B.

Use IPS packet logging option with periodical filter option.

C.

Use IPS filter, rate-mode periodical option.

D.

Use IPS filter, rate-mode periodical option.

A FortiGate firewall policy is configured with active authentication, however, the user cannot authenticate when accessing a website.

Which protocol must FortiGate allow even though the user cannot authenticate?

A.

LDAP

B.

TACASC+

C.

Kerberos

D.

DNS

When configuring a FortiGate in a multi-WAN setup, why would an administrator enable session preservation on an interface?

A.

To allow the FortiGate to dynamically change interfaces for all active sessions when a WAN link fails

B.

To make sure all sessions without source NAT enabled always use the primary WAN link

C.

To improve security by forcing users to authenticate again when the WAN link changes

D.

To ensure that existing SSL VPN connections remain on the same interface even if route changes occur

Which two statements describe characteristics of automation stitches? (Choose two.)

A.

Actions involve only devices included in the Security Fabric.

B.

An automation stitch can have multiple triggers.

C.

Multiple actions can run in parallel.

D.

Triggers can involve external connectors.

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

A.

FortiGate continues to run critical security actions, such as quarantine.

B.

FortiGate refuses to accept configuration changes.

C.

FortiGate halts complete system operation and requires a reboot to regain available resources.

D.

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

Refer to the exhibit.

Based on this partial configuration, what are the two possible outcomes when FortiGate enters conserve mode? (Choose two.)

A.

Administrators cannot change the configuration.

B.

FortiGate skips quarantine actions.

C.

Administrators must restart FortiGate to allow new session.

D.

FortiGate drops new sessions requiring inspection.

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.

Which DPD mode on FortiGate meets this requirement?

A.

Enabled

B.

On Idle

C.

Disabled

D.

On Demand