Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Refer to the exhibit.

Which contains a network diagram and routing table output.

The Student is unable to access Webserver.

What is the cause of the problem and what is the solution for the problem?

A.

The first packet sent from Student failed the RPF check.

This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

B.

The first reply packet for Student failed the RPF check.

This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

C.

The first reply packet for Student failed the RPF check .

This issue can be resolved by adding a static route to 203.0. 114.24/32 through port3.

D.

The first packet sent from Student failed the RPF check.

This issue can be resolved by adding a static route to 203.0. 114.24/32 through port3.

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

A.

Browsers can be configured to retrieve this PAC file from the FortiGate.

B.

Any web request to the 172.25. 120.0/24 subnet is allowed to bypass the proxy.

C.

All requests not made to Fortinet.com or the 172.25. 120.0/24 subnet, have to go through altproxy.corp.com: 8060.

D.

Any web request fortinet.com is allowed to bypass the proxy.

30

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

A.

Implement a web filter category override for the specified website

B.

Implement a DNS filter for the specified website.

C.

Implement web filter quotas for the specified website

D.

Implement web filter authentication for the specified website.

17

Refer to the exhibit.

An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic.

Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)

A.

The Detection Mode setting is not set to Passive.

B.

Administrator didn't configure a gateway for the SD-WAN members, or configured gateway is not valid.

C.

The configured participants are not SD-WAN members.

D.

The Enable probe packets setting is not enabled.

Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

A.

By default, FortiGate uses WINS servers to resolve names.

B.

By default, the SSL VPN portal requires the installation of a client's certificate.

C.

By default, split tunneling is enabled.

D.

By default, the admin GUI and SSL VPN portal use the same HTTPS port.

58

Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.

Which three pieces of information are included in the sniffer output? (Choose three.)

A.

Interface name

B.

Ethernet header

C.

IP header

D.

Application header

E.

Packet payload

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.

What is the reason for the certificate warning errors?

A.

The matching firewall policy is set to proxy inspection mode.

B.

The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.

C.

The full SSL inspection feature does not have a valid license.

D.

The browser does not trust the certificate used by FortiGate for SSL inspection.

40

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

A.

diagnose wad session list

B.

diagnose wad session list | grep hook-pre&&hook-out

C.

diagnose wad session list | grep hook=pre&&hook=out

D.

diagnose wad session list | grep "hook=pre"&"hook=out"

Refer to the exhibit.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.

What is the impact of using the Include in every user group option in a RADIUS configuration?

A.

This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.

B.

This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.

C.

This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.

D.

This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.

20

Which two statements are true about the RPF check? (Choose two.)

A.

The RPF check is run on the first sent packet of any new session.

B.

The RPF check is run on the first reply packet of any new session.

C.

The RPF check is run on the first sent and reply packet of any new session.

D.

RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.