New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Refer to the exhibit, which shows the output of get system ha status. NGFW-1 and NGFW-2 have been up for a week.

Which two statements about the output are true? (Choose two.)

A.

If FGVM...649 is rebooted, FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

B.

If no action is taken, the primary FortiGate will leave the cluster due to the current sync status.

C.

If port7 becomes disconnected on the secondary, both FortiGate devices will elect itself the primary.

D.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

A.

FortiGate will probe 121.111.236.179 every fifteen minutes for a response.

B.

Servers with the D flag are considered to be down.

C.

Servers with a negative TZ value are experiencing a service outage.

D.

FortiGate used 209.222.147.3 as the initial server to validate its contract.

Which action will FortiGate take when using the default settings for SSL certificate inspection, where the server name indication (SNI) does not match either the common name (CN) or any of the subject altemative names (SAN) in the server certificate?

A.

FortiGate uses the CN information from the Subject field in the server certificate.

B.

FortiGate uses the first entry listed in the SAN field in the server certificate.

C.

FortiGate uses the SNI from the user's web browser.

D.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

What is the diagnose test application ipsmenitor 5 command used for?

A.

To enable IPS bypass mode

B.

To disable the IPS engine

C.

To restart all IPS engines and monitors

D.

To provide information regarding IPS sessions

Refer to the exhibit, which shows a partial web filter profile configuration.

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

A.

FortiGate will block the connection, based on the FortiGuard category based filter configuration.

B.

FortiGate will block the connection as an invalid URL.

C.

FortiGate will exempt the connection, based on the Web Content Filter configuration.

D.

FortiGate will allow the connection, based on the URL Filter configuration.

Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:

diagnose vpn ike log-filter src-addr4 10.0.10.1

diagnose debug application ike -1

diagnose debug enable

The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn’t there any output?

A.

The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.

B.

The log-filter setting is set incorrectly. The VPN’s traffic does not match this filter.

C.

The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.

D.

The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

View these partial outputs from two routing debug commands:

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

A.

Both port1 and port2

B.

port3

C.

port1

D.

port2

What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?

A.

The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.

B.

The application or URL category is unknown and needs to be rescanned by the IPS engine to try to identify the Layer 7 details.

C.

The URL category for this session has been updated by FortiGuard and the session needs to be checked against the policy again to ensure proper web filtering is applied.

D.

Traffic has been identified as coming from an application that is not allowed and the relevant replacement message needs to be displayed to the user, if configured.

Refer to the exhibit, which shows a central management configuration.

Which server will FortiGate choose for web filter rating requests, if 10.0.1.240 is experiencing an outage?

A.

Public FortiGuard servers

B.

10.0.1.243

C.

10.0.1.242

D.

10.0.1.244

Examine the following partial outputs from two routing debug commands; then answer the question below.

# get router info kernel

tab=254 vf=0 scope=0type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0

gwy=10.200.1.254 dev=2(port1)

tab=254 vf=0 scope=0type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0

gwy=10.200.2.254 dev=3(port2)

tab=254 vf=0 scope=253type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.->10.0.1.0/24 pref=10.0.1.254

gwy=0.0.0.0 dev=4(port3)

# get router info routing-table all s*0.0.0.0/0 [10/0] via 10.200.1.254, portl [10/0] via 10.200.2.254, port2, [10/0] dO.0.1.0/24 is directly connected, port3 dO.200.1.0/24 is directly connected, portl d0.200.2.0/24 is directly connected, port2

Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

A.

port!

B.

port2.

C.

Both portl and port2.

D.

port3.