EMT Practice Test

1. Question Content...


Question List

Question1: 51 Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?

Question2: Which statement is correct regarding the use of application control for inspecting web applications?

Question3: What are two functions of ZTNA? (Choose two.)

Question4: Refer to the exhibits.
The exhibits show a network diagram and firewall configurations.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. Remote-User1 must be able to access the Webserver. Remote-User2 must not be able to access the Webserver.


In this scenario, which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

Question5: Refer to the exhibit, which contains a session diagnostic output.

Which statement is true about the session diagnostic output?

Question6: An administrator is running the following sniffer command:
Which three pieces of Information will be Included in me sniffer output? {Choose three.)

Question7: Refer to the exhibit.

Which contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?

Question8: Refer to the exhibit.

Based on the ZTNA tag, the security posture of the remote endpoint has changed.
What will happen to endpoint active ZTNA sessions?

Question9: Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)

Question10: Which three statements explain a flow-based antivirus profile? (Choose three.)

Question11: Which two statements ate true about the Security Fabric rating? (Choose two.)

Question12: Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?

Question13: Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

Question14: What are two scanning techniques supported by FortiGate? (Choose two.)

Question15: Refer to the exhibits.


Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

Question16: Which two statements describe how the RPF check is used? (Choose two.)

Question17: A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

Question18: Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

Question19: What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)

Question20: Refer to the exhibit showing a debug flow output.

What two conclusions can you make from the debug flow output? (Choose two.)

Question21: Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

Question22: Refer to the exhibit.




The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.
The WAN (port1) interface has the IP address 10.200. 1. 1/24.
The LAN (port3) interface has the IP address 10.0. 1.254/24.
A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).
Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0. 1. 10) pings the IP address of Remote-FortiGate (10.200.3. 1)?

Question23: When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

Question24: Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

Question25: Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

Question26: An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

Question27: Which two statements are true about the RPF check? (Choose two.)

Question28: Refer to the exhibits.
Exhibit A shows the application sensor configuration. Exhibit B shows the Excessive-Bandwidth and Apple filter details.


Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?

Question29: Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

Question30: Which two statements are correct about NGFW Policy-based mode? (Choose two.)

Question31: Which two statements are true about the FGCP protocol? (Choose two.)

Question32: Which timeout setting can be responsible for deleting SSL VPN associated sessions?

Question33: Which statement about the policy ID number of a firewall policy is true?

Question34: Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

Question35: Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

Question36: Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

Question37: How can you disable RPF checking?

Question38: Refer to the exhibit showing a debug flow output.

Which two statements about the debug flow output are correct? (Choose two.)

Question39: Which feature in the Security Fabric takes one or more actions based on event triggers?

Question40: Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Question41: Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

Question42: An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.
What is true about the DNS connection to a FortiGuard server?

Question43: On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?

Question44: An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

Question45: Refer to the exhibit to view the firewall policy
Why would the firewall policy not block a well-known virus, for
example eicar?

Question46: Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

Question47: Examine this output from a debug flow:

Why did the FortiGate drop the packet?

Question48: Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

Question49: An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.
Which FortiGate configuration can achieve this goal?

Question50: Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)

Question51: Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

Question52: What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

Question53: Which three statements are true regarding session-based authentication? (Choose three.)

Question54: Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

Question55: Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

Question56: What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

Question57: What are two features of collector agent advanced mode? (Choose two.)

Question58: Which statement is correct regarding the security fabric?

Question59: Which statement correctly describes the use of reliable logging on FortiGate?

Question60: Which two types of traffic are managed only by the management VDOM? (Choose two.)

Question61: Refer to the exhibit.

An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic.
Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)

Question62: An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

Question63: If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

Question64: Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

Question65: Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

Question66: Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

Question67: Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

Question68: Refer to exhibit.
An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

Question69: Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)

Question70: Which two statements explain antivirus scanning modes? (Choose two.)

Question71: View the exhibit.

Which of the following statements are correct? (Choose two.)

Question72: Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

Question73: Refer to the exhibit.

Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

Question74: Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

Question75: Refer to the exhibit.

The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.
Two PCS, PCI and PC2, are connected behind FortiGate and can access the internet successfully. However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the Intarnet_ Based on the information shown in the exhibit, which three configuration changes should the administrator make to fix the connectivity issue for PC3? (Choose three.)

Question76: Refer to the exhibit.
Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

Question77: Refer to the exhibit.

Based on the raw log, which two statements are correct? (Choose two.)

Question78: Refer to the exhibit.
The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile.
An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

Question79: Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

Question80: FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)

Question81: Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

Question82: An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

Question83: Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

Question84: What is a reason for triggering IPS fail open?

Question85: Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)