Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

Refer to the exhibit, which shows a command output.

FortiGate_A and FortiGate_B are members of an FGSP cluster in an enterprise network.

While testing the cluster using the ping command, the administrator monitors packet loss and found that the session output on FortiGate_B is as shown in the exhibit.

What could be the cause of this output on FortiGate_B?

A.

The session synchronization is encrypted.

B.

session-pickup-connectionless is set to disable on FortiGate_B.

C.

FortiGate_B is configured in passive mode.

D.

FortiGate_A and FortiGate_B have the same standalone-group-id value.

Refer to the exhibits.

The Administrators section of a root FortiGate device and the Security Fabric Settings section of a downstream FortiGate device are shown.

When prompted to sign in with Security Fabric in the downstream FortiGate device, a user enters the AdminSSO credentials.

What is the next status for the user?

A.

The user is prompted to create an SSO administrator account for AdminSSO.

B.

The user receives an authentication failure message.

C.

The user accesses the downstream FortiGate with super_admin_readonly privileges.

D.

The user accesses the downstream FortiGate with super_admin privileges.

Refer to the exhibit.

An administrator is deploying a hub and spokes network and using OSPF as dynamic protocol.

Which configuration is mandatory for neighbor adjacency?

A.

Set bfd enable in the router configuration

B.

Set network-type point-to-multipoint in the hub interface

C.

Set rfc1583-compatible enable in the router configuration

D.

Set virtual-link enable in the hub interface

An administrator must minimize CPU and RAM use on a FortiGate firewall while also enabling essential security features, such as web filtering and application control for HTTPS traffic.

Which SSL inspection setting helps reduce system load while also enabling security features, such as web filtering and application control for encrypted HTTPS traffic?

A.

Use full SSL inspection to thoroughly inspect encrypted payloads.

B.

Disable SSL inspection entirely to conserve resources.

C.

Configure SSL inspection to handle HTTPS traffic efficiently.

D.

Enable SSL certificate inspection mode to perform basic checks without decrypting traffic.

Refer to the exhibits.

The configuration of a user's Windows PC, which has a default MTU of 1500 bytes, along with FortiGate interfaces set to an MTU of1000bytes, and the results of PC1 pinging server172.16.0.254are shown.

Why is the user in Windows PC1 unable to ping server172.16.0.254and is seeing the message:Packet needs to be fragmented but DF set?

A.

Option ip.flags.mf must be set to enable on FortiGate. The user has to adjust the ping MTU to 1000 to succeed.

B.

Fragmented packets must be encrypted. To connect any application successfully, the user must install the Fortinet_CA certificate in the Microsoft Management Console.

C.

FortiGate honors the do not fragment bit and the packets are dropped. The user has to adjust the ping MTU to 972 to succeed.

D.

The user must trigger different traffic because path MTU discovery techniques do not recognize ICMP payloads.

Refer to the exhibit, which shows a corporate network and a new remote office network.

An administrator must integrate the new remote office network with the corporate enterprise network.

What must the administrator do to allow routing between the two networks?

A.

The administrator must implement BGP to inject the new remote office network into the corporate FortiGate device

B.

The administrator must configure a static route to the subnet 192.168.l.0/24 on the corporate FortiGate device.

C.

The administrator must configure virtual links on both FortiGate devices.

D.

The administrator must implement OSPF over IPsec on both FortiGate devices.

Refer to the exhibit, which shows theADVPNIPsec interface representing the VPN IPsec phase 1 from Hub A to Spoke 1 and Spoke 2, and from Hub В to Spoke 3 and Spoke 4.

An administrator must configure an ADVPN using IBGP and EBGP to connect overlay network 1 with 2.

What must the administrator configure in the phase 1 VPN IPsec configuration of theADVPNtunnels?

A.

set auto-discovery-sender enable and set network-id x

B.

set auto-discovery-forwarder enable and set remote-as x

C.

set auto-discovery-crossover enable and set enforce-multihop enable

D.

set auto-discovery-receiver enable and set npu-offload enable

Refer to the exhibit, which contains a partial VPN configuration.

What can you conclude from this VPN IPsec phase 1 configuration?

A.

This configuration is the best for networks with regular traffic intervals, providing a balance between connectivity assurance and resource utilization.

B.

Peer IDs are unencrypted and exposed, creating a security risk.

C.

FortiGate will not add a route to its routing or forwarding information base when the dynamic tunnel is negotiated.

D.

A separate interface is created for each dial-up tunnel, which can be slower and more resource intensive, especially in large networks.

An administrator must enable direct communication between multiple spokes in a company's network. Each spoke has more than one internet connection.

The requirement is for the spokes to connect directly without passing through the hub, and for the links to automatically switch to the best available connection.

How can this automatic detection and optimal link utilization between spokes be achieved?

A.

Set up OSPF routing over static VPN tunnels between spokes.

B.

Utilize ADVPN 2.0 to facilitate dynamic direct tunnels and automatic link optimization.

C.

Establish static VPN tunnels between spokes with predefined backup routes.

D.

Implement SD-WAN policies at the hub to manage spoke link quality.

Refer to the exhibit, which shows an ADVPN network.

The client behind Spoke-1 generates traffic to the device located behind Spoke-2.

What is the first message that the hub sends to Spoke-1 to bring up the dynamic tunnel?

A.

Shortcut query

B.

Shortcut offer

C.

Shortcut reply

D.

Shortcut forward