EMT Practice Test

1. Question Content...


Question List

Question1: What step is required to configure an SSL VPN to access to an internal server using port forward mode?

Question2: Which file names will match the *.tiff file name pattern configured in a data leak prevention filter? (Choose two.)

Question3: What is the purpose of the Policy Lookup feature?

Question4: An administrator has configured a dialup IPsec VPN with XAuth. Which method statement best describes this scenario?

Question5: Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)

Question6: View the exhibit.

What is the effect of the Disconnect Cluster Member operation as shown in the exhibit? (Choose two.)

Question7: How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?

Question8: Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

Question9: Examine the routing database.

Which of the following statements are correct? (Choose two.)

Question10: Which of the following statements are true when using Web Proxy Auto-discovery Protocol (WPAD) with the DHCP discovery method? (Choose two.)

Question11: Which component of FortiOS performs application control inspection?

Question12: View the exhibit.

This is a sniffer output of a telnet connection request from 172.20.120.186 to the port1interface of FGT1.

In this scenario. FGT1 has the following routing table:

Assuming telnet service is enabled for port1, which of the following statements correctly describes why FGT1 is not responding?

Question13: Which election criterion is used to elect the primary FortiGate in a high availability (HA) cluster when override is enabled?

Question14: How can you format the FortiGate flash disk?

Question15: An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)

Question16: View the exhibit.

When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?

Question17: View the exhibit.

When Role is set to Undefined, which statement is true?

Question18: An administrator has blocked Netflix login in a cloud access security inspection (CASI) profile. The administrator has also applied the CASI profile to a firewall policy.
What else is required for the CASI profile to work properly?

Question19: Which statement about data leak prevention (DLP) on a FortiGate is true?

Question20: What FortiGate feature can be used to prevent a cross-site scripting (XSS) attack?

Question21: What are the purposes of NAT traversal in IPsec? (Choose two.)

Question22: View the exhibit.

Which statements about the exhibit are true? (Choose two.)

Question23: How does FortiGate verify the login credentials of a remote LDAP user?

Question24: View the exhibit.

Which of the following statements are correct? (Choose two.)

Question25: In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?

Question26: How do you configure inline SSL inspection on a firewall policy? (Choose two.)

Question27: Which of the following statements about NTLM authentication are correct? (Choose two.)

Question28: Examine this output from a debug flow:

Which statements about the output are correct? (Choose two.)

Question29: Which statements about One-to-One IP pool are true? (Choose two.)

Question30: View the exhibit.

Which users and user groups are allowed access to the network through captive portal?

Question31: View the exhibit.

The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:

What should be done next to troubleshoot the problem?

Question32: Examine the following interface configuration on a FortiGate in transparent mode:

Which statement about this configuration is correct?

Question33: Which of the following settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)

Question34: View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com(Addicting.Games).
Based on this configuration, which statement is true?

Question35: Examine the exhibit.

A client workstation is connected to FortiGate port2. The Fortigate port1 is connected to an ISP router.
Port2 and port3 are both configured as a software switch.
What IP address must be configured in the workstation as the default gateway?

Question36: A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface.
Which statement about the VLAN IDs in this scenario is true?

Question37: View the exhibit.

Based on this output, which statements are correct? (Choose two.)

Question38: Which statements about FortiGate inspection modes are true? (Choose two.)

Question39: An administrator has configured the following settings:

What does the configuration do? (Choose two.)

Question40: What FortiGate feature can be used to allow IPv6 clients to connect to IPv4 servers?

Question41: Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?

Question42: Which of the following statements about the FSSO collector agent timers is true?

Question43: Examine this output from a debug flow:

Which statements about the output are correct? (Choose two.)

Question44: Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

Question45: Which statement is true regarding the policy ID numbers of firewall policies?

Question46: How can a browser trust a web-server certificate signed by a third party CA?

Question47: Which statements about application control are true? (Choose two.)

Question48: Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

Question49: View the exhibit.

What does this exhibit represent?

Question50: What does the command diagnose debug fsso-polling refresh-user do?

Question51: How does FortiGate look for a matching firewall policy to process traffic?

Question52: Which statement about the firewall policy authentication timeout is true?

Question53: Which traffic sessions can be offloaded to a NP6 processor? (Choose two.)

Question54: Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)

Question55: What inspections are executed by the IPS engine? (Choose three.)

Question56: If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?

Question57: Which statements correctly describe transparent mode operation? (Choose three.)

Question58: A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.
What is required in the SSL VPN configuration to meet these requirements?

Question59: An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?