EMT Practice Test

1. Question Content...


Question List

Question1: Refer to exhibit.
An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

Question2: Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

Question3: What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)

Question4: Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?

Question5: An administrator does not want to report the login events of service accounts to FortiGate.
What setting on the collector agent is required to achieve this?

Question6: Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

Question7: An administrator has configured the following settings:

What are the two results of this configuration? (Choose two.)

Question8: Which two statements are true about the FGCP protocol? (Choose two.)

Question9: Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

Question10: The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.
What order must FortiGate use when the web filter profile has features enabled, such as safe search?

Question11: Which timeout setting can be responsible for deleting SSL VPN associated sessions?

Question12: Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

Question13: Which security fabric feature causes an event trigger to monitor the network when a threat is detected?

Question14: Which statement best describes the role of a DC agent in an FSSO DC agent mode solution?

Question15: Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

Question16: Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

Question17: Which three actions are valid for static URL filtering? (Choose three.)

Question18: Examine the exhibit, which shows a firewall policy configured with multiple security profiles.

Which two security profiles are handled by the IPS engine? (Choose two.)

Question19: Examine the two static routes shown in the exhibit, then answer the following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

Question20: Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

Question21: Refer to the FortiGuard connection debug output.

Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

Question22: Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

Question23: Which statement about the policy ID number of a firewall policy is true?

Question24: Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

Question25: Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

Question26: Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies.
What does the Administrator account need to access the FortiGate global settings?

Question27: An administrator configured the antivirus profile in a firewall policy set to flow-based inspection mode.
While testing the configuration, the administrator noticed that eicar.com test files can be downloaded using HTTPS protocol only.
What is causing this issue?

Question28: Which three criteria can FortiGate use to look for a matching firewall policy to process traffic?
(Choose three.)

Question29: Which three methods can you use to deliver the token code to a user who is configured to use two- factor authentication? (Choose three.)

Question30: Refer to the exhibit.

Which statement about the configuration settings is true?

Question31: To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

Question32: Refer to the exhibit.

The exhibit shows a FortiGate configuration.
How does FortiGate handle web proxy traffic coming from the IP address 10.2.1.200, that requires authorization?

Question33: Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Question34: Which two configuration settings are global settings? (Choose two.)

Question35: An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

Question36: An administrator wants to monitor their network for any probing attempts aimed to exploit existing vulnerabilities in their servers.
Which two items must they configure on their FortiGate to accomplish this? (Choose two.)

Question37: Which statement regarding the firewall policy authentication timeout is true?

Question38: An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?

Question39: What is eXtended Authentication (XAuth)?

Question40: Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

Question41: Refer to the exhibits.
The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook.
Users are given access to the Facebook web application. They can play video content hosted on Facebook, but they are unable to leave reactions on videos or other types of posts.


Which part of the policy configuration must you change to resolve the issue?

Question42: Refer to the exhibit, which contains a session diagnostic output.

Which statement is true about the session diagnostic output?

Question43: Refer to the exhibits.
Exhibit A.

Exhibit B.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?

Question44: An administrator has configured central DNAT and virtual IPs.
Which item can be selected in the firewall policy Destination field?

Question45: Which three security features require the intrusion prevention system (IPS) engine to function?
(Choose three.)

Question46: Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

Question47: How do you format the FortiGate flash disk?

Question48: FortiGuard categories can be overridden and defined in different categories. To create a web rating override for the example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure a web rating override for the home page? (Choose two.)

Question49: Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

Question50: What is the common feature shared between IPv4 and SD-WAN ECMP algorithms?

Question51: Which statement about the IP authentication header (AH) used by IPsec is true?

Question52: Refer to the exhibit.

Which contains a network diagram and routing table output. The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?

Question53: FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.
In this scenario, what are two requirements for the VLAN ID? (Choose two.)

Question54: Which two IP pool types are useful for carrier-grade NAT deployments? (Choose two.)

Question55: Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?

Question56: Which two statements are true when FortiGate is in transparent mode? (Choose two.)

Question57: Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server.
This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

Question58: If the Issuer and Subject values are the same in a digital certificate, to which type of entity was the certificate issued?

Question59: Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

Question60: Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

Question61: Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

Question62: An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to the SSL-VPN.
How can this be achieved?

Question63: Refer to the exhibits.
Exhibit A shows system performance output.

Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds.

Based on the system performance output, which two results are correct? (Choose two.)

Question64: Which two statements about incoming and outgoing interfaces in firewall policies are true? (Choose two.)

Question65: What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

Question66: Which two statements correctly describe the differences between IPsec main mode and IPsec aggressive mode? (Choose two.)

Question67: When configuring a firewall virtual wire pair policy, which following statement is true?

Question68: You can configure FortiGate to store logs on syslog servers, FortiCloud, FortiSIEM, FortiAnalyzer, or FortiManager. These logging devices can also be used as a backup solution. Whenever possible, it is preferred to store logs externally.
If storing logs locally does not fit your requirements, you can store logs externally. You can configure FG to store logs on syslog servers, FortiCloud, FortiSIEM, FortiAnalyzer or FortiManager. These logging devices can also be used as a backup solution.
192.Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

Question69: Which two statements are true about the RPF check? (Choose two.)

Question70: FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)

Question71: Which three methods are used by the collector agent for AD polling? (Choose three.)

Question72: Refer to the exhibit, which contains a radius server configuration.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.
What will be the impact of using Include in every user group option in a RADIUS configuration?

Question73: Refer to the exhibit.

The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

Question74: Refer to the exhibit to view the authentication rule configuration.

In this scenario, which statement is true?

Question75: View the exhibit.

Which two behaviors result from this full (deep) SSL configuration? (Choose two.)

Question76: Which two statements about FortiGate antivirus databases are true? (Choose two.)

Question77: Which scanning technique on FortiGate can be enabled only on the CLI?

Question78: Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Question79: Refer to the exhibit.

Which route will be selected when trying to reach 10.20.30.254?

Question80: If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?

Question81: What devices form the core of the security fabric?

Question82: Which NAT method translates the source IP address in a packet to another IP address?

Question83: Refer to the exhibit.


The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).
Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

Question84: View the exhibit.

Both VDOMs are operating in NAT/route mode. The subnet 10.0.1.0/24 is connected to VDOM1. The subnet 10.0.2.0/24 is connected to VDOM2. There is an inter-VDOM link between VDOM1 and VDOM2.
Also, necessary firewall policies are configured in VDOM1 and VDOM2.
Which two static routes are required in the FortiGate configuration, to route traffic between both subnets through an inter-VDOM link? (Choose two.)

Question85: Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

Question86: Which two types of traffic are managed only by the management VDOM? (Choose two.)

Question87: An administrator has configured outgoing interface any in a firewall policy.
Which statement is true about the policy list view?

Question88: Refer to the exhibit to view the application control profile.

Users who use Apple FaceTime video conferences are unable to set up meetings.
In this scenario, which statement is true?

Question89: Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

Question90: Which three statements explain a flow-based antivirus profile? (Choose three.)

Question91: Which two statements about antivirus scanning in a firewall policy set to proxy-based inspection mode, are true? (Choose two.)

Question92: An administrator has configured two-factor authentication to strengthen SSL VPN access.
Which additional best practice can an administrator implement?

Question93: Which are two benefits of using SD-WAN? (Choose two.)

Question94: Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

Question95: An organization's employee needs to connect to the office through a high-latency internet connection.
Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

Question96: In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy.
Instead of separate policies.
Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)