New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

A.

BGP peers have successfully interchanged Open and Keepalive messages.

B.

Local BGP peer received a prefix for a default route.

C.

The state of the remote BGP peer is OpenConfirm.

D.

The state of the remote BGP peer will go to Connect after it confirms the received prefixes.

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

A.

The initiator provided remote as its IPsec peer ID.

B.

It shows a phase 2 negotiation.

C.

Perfect Forward Secrecy (PFS) is enabled in the configuration.

D.

The local gateway IP address is 10.0.0.1.

Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Based on the output, which two statements are correct? (Choose two.)

A.

Phase 2 authentication is set to sha1 on both sides.

B.

Anti-replay is disabled.

C.

Hub2Spoke1 is a policy-based VPN.

D.

Hub2Spoke1 is configured on interface wan2.

Refer to the exhibit, which contains the debug output of diagnose dvm device list.

Which two statements about the output shown in the exhibit are correct? (Choose two.)

A.

ADOMs are disabled on the FortiManager

B.

The FortiGate configuration is in sync with latest running revision history.

C.

There are pending device-level changes yet to be installed on Local-FortiGate.

D.

The policy package has been modified for Local-FortiGate.

Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

A.

SIP session helper runs in the kernel; SIP ALG runs as a user space process.

B.

SIP ALG supports SIP HA failover; SIP helper does not.

C.

SIP ALG supports SIP over IPv6; SIP helper does not.

D.

SIP ALG can create expected sessions for media traffic; SIP helper does not.

E.

SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Which two configuration commands change the default behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

A.

set av-failopen off

B.

set av-failopen pass

C.

set fail-open enable

D.

set ips fail-open disable

Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

A.

BGP state of the peer 10.125.0.60 is Established.

B.

BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.

C.

Local BGP peer has not received an OpenConfirm from 10.200.3.1.

D.

The local BGP peer has received a total of 3 BGP prefixes.

Refer to the exhibits.

Which contain the partial configurations of two VPNs on FortiGate.

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovered that FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must administrator make to fix the issue? (Choose two.)

A.

Use different pre-shared keys on both VPNs

B.

Enable Mode Config on both VPNs.

C.

Set up specific peer IDs on both VPNs.

D.

Change to aggressive mode on both VPNs.

View the IPS exit log, and then answer the question below.

# diagnose test application ipsmonitor 3

ipsengine exit log”

pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017

code = 11, reason: manual

What is the status of IPS on this FortiGate?

A.

IPS engine memory consumption has exceeded the model-specific predefined value.

B.

IPS daemon experienced a crash.

C.

There are communication problems between the IPS engine and the management database.

D.

All IPS-related features have been disabled in FortiGate’s configuration.

Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

A.

IPS failopen

B.

mem failopen

C.

AV failopen

D.

UTM failopen