New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?

A.

In the phase 1 network configuration, set the IKE version to 2.

B.

In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

C.

In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

D.

In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

A.

Finance and banking

B.

General organization.

C.

Business.

D.

Information technology.

Refer to the exhibit, which shows the output of a diagnose command.

What can be concluded about the debug output in this scenario?

A.

Servers with a negative TZ value are less preferred for rating requests.

B.

There is a natural correlation between the value in the Packets field and the value in the Weight field.

C.

FortiGate used 64.26.151.37 as the initial server to validate its contract.

D.

The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers, was 121.111.236.179.

View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

A.

10.0.1.240

B.

One of the public FortiGuard distribution servers

C.

10.0.1.244

D.

10.0.1.242

Exhibits:

Refer to the exhibits, which contain the network topology and BGP configuration for a hub.

An administrator is trying to configure ADVPN with a hub-spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over iBGP; however, the spokes are not receiving route information from each other.

What change must the administrator make to the hub BGP configuration so that the routes learned by one spoke are forwarded to the other spokes?

A.

Configure an individual neighbor and remove neighbor-range configuration.

B.

Configure the hub as a route reflector client.

C.

Change the router id to 10.1.0.254.

D.

Make the configuration of remote-as different from the configuration of local-as.

Refer to the exhibit, which shows the output of a web filtering diagnose command.

Which configuration change would result in non-zero results in the cache statistics section?

A.

set server-type rating under config system central-management

B.

set webfilter-cache enable under config system fortiguard

C.

set webfilter-force-off disable under config system fortiguard

D.

set ngfw-mode policy-based under config system settings

What are two functions of automation stitches? (Choose two.)

A.

Automation stitches can be configured on any FortiGate device in a Security Fabric environment.

B.

An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

C.

Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

D.

An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

View the exhibit, which contains the output of a debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

A.

In the network on port4, two OSPF routers are down.

B.

Port4 is connected to the OSPF backbone area.

C.

The local FortiGate’s OSPF router ID is 0.0.0.4

D.

The local FortiGate has been elected as the OSPF backup designated router.

Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

A.

Group ID.

B.

Group name.

C.

Session pickup.

D.

Gratuitous ARPs.

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

A.

Change phase 1 encryption to 3DES and authentication to SHA128.

B.

Change phase 1 encryption to AES128 and authentication to SHA512.

C.

Change phase 1 encryption to AESCBC and authentication to SHA2.

D.

Change phase 1 encryption to AES256 and authentication to SHA256.