Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

An administrator configured the following command on FortiGate

config router ospf

sec reszart-mode graceful-restart

Which two statements correctly describe the result of the above command? (Choose two.)

A.

FortiGate is configured with graceful restart and will exit graceful mode, if the network topology changes

B.

After the default 40 seconds wait time the OSPF neighbors will resume communication with the restarting router

C.

The OSPF neighbor that receives the grace link-state advertisement (LSA) will enter into helper mode

D.

In an HA cluster FortiGate devices will keep the OSPF routes in their routing table to avoid traffic interruption during an HA failover

Exhibit.

ISFW is installed in the access layer NGFW is performing SNAT and web tittering DCFW is running IPS Which two statements are true regarding the Security Fabric logging? (Choose two.)

A.

DCFW is responsible for generating UTM logs for file server sessions initiated by Client-1. only if an IPS inspection is triggered

B.

ISFW is responsible for generating traffic logs for only Web traffic and SMB traffic from Client-1.

C.

The SMB session which is forwarded to NGFW logs that event

D.

DCFW generates traffic logs for all sessions from Corporate File Server

E.

The web session forwarded to the NGFW generates the relevant UTM logs along with initial traffic log

Exhibit.

Refer to exhibit, which shows a central management configuration

Which server will FortiGate choose for web filler rating requests if 10.0.1.240 is experiencing an outage?

A.

Public FortiGuard servers

B.

10.0.1.242

C.

10.0.1.244

D.

10.0.1.243

Which two statements about the Security Fabric are true? (Choose two.)

A.

Each member of the Security Fabric maintains the shared Security Fabric map.

B.

Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer.

C.

FortiGate uses the FortiTelemetry protocol to communicate with FortiAnalyzer.

D.

Each FortiGate device in the Security Fabric must have bidirectional FortiTelemetry connectivity.

E.

Only FortiGate devices with configuration-sync sel to Local receive and synchronize the global CMDB objects that the root FortiGate sends.

Refer to the exhibit, which shows device registration on FortiManager.

What can you conclude about the Spoke-1 and Spoke-2 configurations with respect to the information cond: Modified (recent auto-updated)?

A.

Based on the policy configuration on NGFW-1, the configuration on both spokes is modified and automatically updated.

B.

On NGFW-A, the configuration was changed and spokes are wailing for an autoupdate.

C.

On both Spoke-1 and Spoke-2, the configuration was changed directly on the FortiGate device, and the changes were automatically retrieved by the device database.

D.

Spoke-1 and Spoke-2 are sharing the same security policy configuration and the same policy package.

How would £=c-ingress and fec-sgress IPsec configuration affect an IPsec tunnel?

A.

When an FGSP member in FortiGate fails, FortiGate flushes the corresponding tunnels and sends out dead peer detection probes to find unavailable remote peers.

B.

FortiGate will consider all IKEV2 packets as fragmentable.

C.

If fragmentation occurs, FortiGate will allow the packets at the IKE layer.

D.

FortiGate will add additional redundant information to reconstruct any lost or erratically received packets.

Refer to the exhibit, which shows information about an OSPF interface

What two conclusions can you draw from this command output? (Choose two.)

A.

NGFW-1 sends its LSA updates to 224.0.0.6 address

B.

NGFW-1 sends its LSA updates to 224.0.0. 5 address

C.

NGFW-1 forms neighbor adjacency only with DR and BDR router.

D.

NGFW-1 forms neighbor adjacency only if other OSPF routers match the wait time of 40 seconds

You want to improve reliability over a lossy IPSec tunnel.

Which combination of IPSec phase 1 parameters should you configure?

A.

fec-ingress and fec-egress

B.

Odpd and dpd-retryinterval

C.

fragmentation and fragmentation-mtu

D.

keepalive and keylive

Refer to the exhibit, which shows the output of a BGP summary.

What two conclusions can you draw from this BGP summary? (Choose two.)

A.

External BGP (EBGP) exchanges routing information.

B.

The BGP session with peer 10. 127. 0. 75 is established.

C.

The router 100. 64. 3. 1 has the parameter bfd set to enable.

D.

The neighbors displayed are linked to a local router with the neighbor-range set to a value of 4.

Which two statements about the Security fabric are true? (Choose two.)

A.

FortiGate uses the FortiTelemetry protocol to communicate with FortiAnatyzer.

B.

Only the root FortiGate sends logs to FortiAnalyzer

C.

Only FortiGate devices with configuration-sync receive and synchronize global CMDB objects that the toot FortiGate sends

D.

Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer