Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

You are creating the CLI script to be used on a new SD-WAN deployment You will have branches with a different number of internet connections and want to be sure there is no need to change the Performance SLA configuration in case more connections are added to the branch.

The current configuration is:

Which configuration do you use for the Performance SLA members?

A.

set members any

B.

set members 0

C.

current configuration already fulfills the requirement

D.

set members all

Which two statements about bounce address tagging and verification (BATV) on FortiMail are true? (Choose two.)

A.

You must publish the BATV public key as a DNS TXT record.

B.

Emails with an empty sender address will be subjected to bounce verification.

C.

FortiMail will insert the BATV tag to the sender address in the envelope.

D.

BATV will use symmetric keys to verify the bounce address tag.

Refer to the exhibit.

To facilitate a large-scale deployment of SD-WAN/ADVPN with FortiGate devices, you are tasked with configuring the FortiGate devices to support injecting of IKE routes on the ADVPN shortcut tunnels.

Which three commands must be added or changed to the FortiGate spoke config vpn ipsec phasei-interface options referenced in the exhibit for the VPN interface to enable this capability? (Choose three.)

A.

set net-device disable

B.

set mode-cfg enable

C.

set ike-version 1

D.

set add-route enable

E.

set mode-cfg-allow-client-selector enable

Refer to the exhibit.

You are deploying a FortiGate 6000F. The device should be directly connected to a switch. In the future, a new hardware module providing higher speed will be installed in the switch, and the connection to the FortiGate must be moved to this higher-speed port.

You must ensure that the initial FortiGate interface connected to the switch does not affect any other port when the new module is installed and the new port speed is defined.

How should the initial connection be made?

A.

Connect the switch on any interface between ports 21 to 24

B.

Connect the switch on any interface between ports 25 to 28

C.

Connect the switch on any interface between ports 1 to 4

D.

Connect the switch on any interface between ports 5 to 8.

You are designing a setup where the FortiGate device is connected to two upstream ISPs using BGP. Part of the requirement is that you must be able to refresh the route advertisements manually without disconnecting the BGP neighborships.

Which feature must you enable on the BGP neighbors to accomplish this goal?

A.

Synchronization

B.

Deterministic-med

C.

Graceful-restart

D.

Soft-reconfiguration

Refer to the exhibits.

A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.

The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.

Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.)

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Refer to the exhibit.

A customer has deployed a FortiGate 200F high-availability (HA) cluster that contains & TPM chip. The exhibit shows output from the FortiGate CLI session where the administrator enabled TPM.

Following these actions, the administrator immediately notices that both FortiGate high availability (HA) status and FortiManager status for the FortiGate are negatively impacted.

What are the two reasons for this behavior? (Choose two.)

A.

The private-data-encryption key entered on the primary did not match the value that the TPM expected.

B.

Configuration for TPM is not synchronized between FortiGate HA cluster members.

C.

The FortiGate has not finished the auto-update process to synchronize the new configuration to FortiManager yet.

D.

TPM functionality is not yet compatible with FortiGate HA.

E.

The administrator needs to manually enter the hex private data encryption key in FortiManager.

Refer to the exhibits.

You are configuring a Let's Encrypt certificate to enable SSL protection to your website. When FortiWeb tries to retrieve the certificate, you receive a certificate status failed, as shown below.

Based on the Server Policy settings shown in the exhibit, which two configuration changes will resolve this issue? (Choose two.)

A.

Disable Redirect HTTP to HTTPS in the Server Policy.

B.

Remove the Web Protection Profile from this Server Policy.

C.

Enable HTTP service in the Server Policy.

D.

Configure a TXT record of the domain and point to the IP address of the Virtual Server.

A FortiGate must be configured to accept VoIP traffic which will include session initiation protocol (SIP) traffic. Which statement about the VoIP configuration options is correct?

A.

Restricting SIP requests is only possible when using the SIP Session Helper.

B.

Rate tracking of SIP requests is only possible when the application layer gateway (ALG) is set to Flow mode.

C.

FortiOS cannot accept SIP traffic if both the SIP Session Helper and the application layer gateway (ALG) are disabled.

D.

By default, VoIP traffic will be processed using the SIP Session Helper.

A FortiGate running FortiOS 7.2.0 GA is configured in multi-vdom mode with a vdom set to vdom type Admin and another vdom set to vdom type Traffic.

Which two GUI sections are available on both VDOM types? (Choose two.)

A.

Interface configuration

B.

Packet capture

C.

Security Fabric topology and external connectors

D.

Certificates

E.

FortiClient configuration