Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Refer to the exhibit.

Which three pieces of information does the diagnose sys top command provide? (Choose three.)

A.

The miglogd daemon is running on CPU core ID 0.

B.

The diagnose sys top command has been running for 18 minutes.

C.

The miglogd daemon would be on top of the list, if the administrator pressed m on the keyboard.

D.

The cmdbsvr process is occupying 2.4% of the total user memory space.

E.

If the neweli daemon continues to be in the R state, it will need to be manually restarted.

Refer to the exhibit, which shows the output of the command get router info ospf neighbor.

To what extent does FortiGate operate when looking at its OSPF neighbors? (Choose two.)

A.

The local FortiGate has at least one interface that participates in a broadcast network.

B.

The local FortiGate has at least one interface that participates in a point-to-point network.

C.

The local FortiGate is the DR.

D.

Neighbor 0.0.0.18 is the designated router (DR).

Refer to the exhibit, which contains the output of diagnose vpn tunnel list.

Which command will capture ESP traffic for the VPN named DialUp_0?

A.

diagnose sniffer packet any 'ip proto 50'

B.

diagnose sniffer packet any 'host 10.0.10.10'

C.

diagnose sniffer packet any 'esp and host 10.200.3.2'

D.

diagnose sniffer packet any 'port 4500'

Refer to the exhibit, which shows the output of a policy route table entry.

Which type of policy route does the output show?

A.

An ISDB route

B.

A regular policy route

C.

A regular policy route, which is associated with an active static route in the FIB

D.

An SD-WAN rule

Exhibit.

Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator do to fix the issue?

A.

Disable webfilter-force-off.

B.

Increase webfilter-timeout.

C.

Enable fortiguard-anycast.

D.

Change protocol to TCP.

Refer to the exhibits.

An administrator is attempting to advertise the network configured on port3. However, FGT-A is not receiving the prefix.

Which two actions can the administrator take to fix this problem? (Choose two.)

A.

Modify the prefix using the network command from 172.16.0.0/16 to 172.16.54.0/24.

B.

Manually add the BGP route on FGT-A.

C.

Restart BGP using a soft reset to force both peers to exchange their complete BGP routing tables.

D.

Use the set network-import-check disable command.

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

A.

Set snat-route-change to enable.

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set the priority of the static default route using port1 to 10.

Refer to the exhibit.

An IPsec VPN tunnel is dropping, as shown by the debug output.

Analyzing the debug output, what could be causing the tunnel to go down?

A.

Phase 2 drops but Phase 1 is up.

B.

Dead Peer Detection is not receiving its acknowledge packet.

C.

The tunnel drops during rekey negotiation.

D.

The tunnel drops after the timer expires.

Refer to the exhibit, which shows a partial output of a real-time LDAP debug.

What two conclusions can you draw from the output? (Choose two.)

A.

The user was found in the LDAP tree, whose root is TAC.ottawa.fortinet.com.

B.

FortiOS performs a bind to the LDAP server using the user's credentials.

C.

FortiOS collects the user group information.

D.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Which exchange lakes care of DoS protection in IKEv2?

A.

Create_CHILD_SA

B.

IKE_Auth

C.

IKE_Req_INIT

D.

IKE_SA_NIT