New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

A Hub FortiGate is connecting multiple branch FortiGate devices separating the traffic centrally in unique VRFs. Routing information is exchanged using BGP between the Hub and the Branch FortiGate devices.

You want to efficiently enable route leaking of specific routes between the VRFs.

Which two steps are required to achieve this requirement? (Choose two.)

A.

Create a vdom link between VRF10 and VRF12

B.

Enable Multi-VDOM mode on the Hub FortiGate and add a VDOM to connect VRF10 and VRF12

C.

Enable BGP recursive routing on the HUB FortiGate

D.

Configure route-maps to leak the selected routes using BGP

Refer to the exhibits.

A customer wants to deploy 12 FortiAP 431F devices on high density conference center, but they do not currently have any PoE switches to connect them to. They want to be able to run them at full power while having network redundancy

From the FortiSwitch models and sample retail prices shown in the exhibit, which build of materials would have the lowest cost, while fulfilling the customer's requirements?

A.

1x FortiSwitch 248EFPOE

B.

2x FortiSwitch 224E-POE

C.

2x FortiSwitch 248E-FPOE

D.

2x FortiSwitch 124E-FPOE

Refer to the exhibit, which shows a VPN topology.

The device IP 10.1.100.40 downloads a file from the FTP server IP 192.168.4.50

Referring to the exhibit, what will be the traffic flow behavior if ADVPN is configured in this environment?

A.

All the session traffic will pass through the Hub

B.

The TCP port 21 must be allowed on the NAT Device2

C.

ADVPN is not supported when spokes are behind NAT

D.

Spoke1 will establish an ADVPN shortcut to Spoke2

You must analyze an event that happened at 20:37 UTC. One log relevant to the event is extracted from FortiGate logs:

The devices and the administrator are all located in different time zones Daylight savings time (DST) is disabled

• The FortiGate is at GMT-1000.

• The FortiAnalyzer is at GMT-0800

• Your browser local time zone is at GMT-03.00

You want to review this log on FortiAnalyzer GUI, what time should you use as a filter?

A.

20:37:08

B.

10:37:08

C.

17:37:08

D.

12.37:08

You are troubleshooting a FortiMail Cloud service integrated with Office 365 where outgoing emails are not reaching the recipients' mail What are two possible reasons for this problem? (Choose two.)

A.

The FortiMail access control rule to relay from Office 365 servers FQDN is missing.

B.

The FortiMail DKIM key was not set using the Auto Generation option.

C.

The FortiMail access control rules to relay from Office 365 servers public IPs are missing.

D.

A Mail Flow connector from the Exchange Admin Center has not been set properly to the FortiMail Cloud FQDN.

Refer to the exhibits, which show a firewall policy configuration and a network topology.

An administrator has configured an inbound SSL inspection profile on a FortiGate device (FG-1) that is protecting a data center hosting multiple web pages-Given the scenario shown in the exhibits, which certificate will FortiGate use to handle requests to xyz.com?

A.

FortiGate will fall-back to the default Fortinet_CA_SSL certificate.

B.

FortiGate will reject the connection since no certificate is defined.

C.

FortiGate will use the Fortinet_CA_Untrusted certificate for the untrusted connection,

D.

FortiGate will use the first certificate in the server-cert list—the abc.com certificate

Refer to the exhibit.

The exhibit shows the topology a customer wants to implement using a flexible authentication scheme. Users connecting from trusted remote locations are authenticated using only their username/password when connecting to the SSLVPN FortiGate in the data center.

When connecting from the Untrusted Clients, users must authenticate using 2-factor authentication.

In this scenario, which RADIUS attribute can be used as a RADIUS policy selector on the FortiAuthenticator to accomplish this goal?

A.

Calling-Station-Id

B.

Framed-IP-Address

C.

Tunnel-Client-Auth-Id

D.

Login-IP-Host

Refer to the exhibit.

The exhibit shows the forensics analysis of an event detected by the FortiEDR core

In this scenario, which statement is correct regarding the threat?

A.

This is an exfiltration attack and has been stopped by FortiEDR.

B.

This is an exfiltration attack and has not been stopped by FortiEDR

C.

This is a ransomware attack and has not been stopped by FortiEDR.

D.

This is a ransomware attack and has been stopped by FortiEDR

Refer to the exhibit showing the history logs from a FortiMail device.

Which FortiMail email security feature can an administrator enable to treat these emails as spam?

A.

DKIM validation in a session profile

B.

Sender domain validation in a session profile

C.

Impersonation analysis in an antispam profile

D.

Soft fail SPF validation in an antispam profile

Refer to the exhibit.

A FortiWeb appliance is configured for load balancing web sessions to internal web servers. The Server Pool is configured as shown in the exhibit.

How will the sessions be load balanced between server 1 and server 2 during normal operation?

A.

Server 1 will receive 25% of the sessions, Server 2 will receive 75% of the sessions

B.

Server 1 will receive 20% of the sessions, Server 2 will receive 66.6% of the sessions

C.

Server 1 will receive 33.3% of the sessions, Server 2 will receive 66 6% of the sessions

D.

Server 1 will receive 0% of the sessions Server 2 will receive 100% of the sessions