Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

Which DPD mode on FortiGate will meet the above requirement?

A.

Disabled

B.

On Demand

C.

Enabled

D.

On Idle

You have enabled logging on a FortiGate device for event logs and all security logs, and you have set up logging to use the FortiGate local disk.

What is the default behavior when the local disk is full?

A.

No new log is recorded after the warning is issued when log disk use reaches the threshold of 95%.

B.

No new log is recorded until you manually clear logs from the local disk.

C.

Logs are overwritten and the first warning is issued when log disk use reaches the threshold of 75%.

D.

Logs are overwritten and the only warning is issued when log disk use reaches the threshold of 95%.

73

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

A.

IP address

B.

Once Internet Service is selected, no other object can be added

C.

User or User Group

D.

FQDN address

Refer to the exhibit showing a debug flow output.

Which two statements about the debug flow output are correct? (Choose two.)

A.

The debug flow is of ICMP traffic.

B.

A firewall policy allowed the connection.

C.

A new traffic session is created.

D.

The default route is required to receive a reply.

99

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

A.

The administrator can register the same FortiToken on more than one FortiGate.

B.

The administrator must use a FortiAuthenticator device

C.

The administrator can use a third-party radius OTP server.

D.

The administrator must use the user self-registration server.

In an explicit proxy setup, where is the authentication method and database configured?

A.

Proxy Policy

B.

Authentication Rule

C.

Firewall Policy

D.

Authentication scheme

53

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

A.

The public key of the web server certificate must be installed on the browser.

B.

The web-server certificate must be installed on the browser.

C.

The CA certificate that signed the web-server certificate must be installed on the browser.

D.

The private key of the CA certificate that signed the browser certificate must be installed on the browser.

113

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

A.

Full Content inspection

B.

Proxy-based inspection

C.

Certificate inspection

D.

Flow-based inspection

27

Which feature in the Security Fabric takes one or more actions based on event triggers?

A.

Fabric Connectors

B.

Automation Stitches

C.

Security Rating

D.

Logical Topology

108

Which statement about the IP authentication header (AH) used by IPsec is true?

A.

AH does not provide any data integrity or encryption.

B.

AH does not support perfect forward secrecy.

C.

AH provides data integrity bur no encryption.

D.

AH provides strong data integrity but weak encryption.