EMT Practice Test

1. Question Content...


Question List

Question1: You are tasked to architect a new IPsec deployment with the following criteria:
- There are two HQ sites that all satellite offices must connect to.
- The satellite offices do not need to communicate directly with other satellite offices.
- No dynamic routing will be used.
- The design should minimize the number of tunnels being configured.
Which topology should be used to satisfy all of the requirements?

Question2: Examine the routing database.

Which of the following statements are correct? (Choose two.)

Question3: Which statement about the firewall policy authentication timeout is true?

Question4: An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?

Question5: An administrator needs to offload logging to FortiAnalyzer from a FortiGate with an internal hard drive. Which statements are true? (Choose two.)

Question6: Which of the following statements about NTLM authentication are correct? (Choose two.)

Question7: Under what circumstance would you enable LEARN as the Action on a firewall policy?

Question8: Which statements correctly describe transparent mode operation? (Choose three.)

Question9: Which statements about DNS filter profiles are true? (Choose two.)

Question10: When using WPAD DNS method, what is the FQDN format that browsers use to query the
DNS server?

Question11: What statement describes what DNS64 does?

Question12: Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24.
The top firewall policy has NAT enabled using outgoing interface address. The second firewall policy configured with a virtual IP (VIP) as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

Question13: Which statement about the FortiGuard services for the FortiGate is true?

Question14:
Which statement is correct based on this configuration?

Question15: How can a browser trust a web-server certificate signed by a third party CA?

Question16: How does FortiGate select the central SNAT policy that is applied to a TCP session?

Question17: How do you configure inline SSL inspection on a firewall policy? (Choose two.)

Question18: Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)

Question19: How does FortiGate verify the login credentials of a remote LDAP user?

Question20: An administrator has enabled proxy-based antivirus scanning and configured the following settings:

Which statement about the above configuration is true?

Question21: How to configure Collector agent settings?

Question22:
What does the configuration do? (Choose two.)

Question23: Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)

Question24: Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)

Question25: How does FortiGate look for a matching firewall policy to process traffic?

Question26: View the exhibit.

This is a sniffer output of a telnet connection request from 172.20.120.186 to the port1 interface of FGT1.

In this scenario. FGT1 has the following routing table:

Assuming telnet service is enabled for port1, which of the following statements correctly describes why FGT1 is not responding?

Question27: An administrator observes that the port1 interface cannot be configured with an IP address.
What can be the reasons for that? (Choose three.)

Question28: How can you format the FortiGate flash disk?

Question29: What does the command diagnose debuf fsso-polling refresh-user do?

Question30: View the exhibit.

Based on this output, which statements are correct? (Choose two.)

Question31: What FortiGate feature can be used to allow IPv6 clients to connect to IPv4 servers?

Question32: What traffic and attacks can be blocked by a web application firewall (WAF) profile?
(Choose three.)

Question33: Which of the following settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)

Question34: An administrator has configured two VLAN interfaces:

A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the
VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the
DHCP server. What is the cause of the problem?

Question35: When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

Question36: Which file names will match the *.tiff file name pattern configured in a data leak prevention filter? (Choose two.)

Question37: View the example routing table.

Which route will be selected when trying to reach 10.20.30.254?

Question38: Which of the following statements describe WMI polling mode for FSSO collector agent?
(Choose two.)

Question39: Which of the following statements about central NAT are true? (Choose two.)

Question40: An administrator has configured a dialup IPsec VPN with XAuth. Which method statement best describes this scenario?

Question41: What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)

Question42: What step is required to configure an SSL VPN to access to an internal server using port forward mode?

Question43: Which statements about IP-based explicit proxy authentication are true? (Choose two.)

Question44: A company needs to provide SSL VPN access to two user groups.
The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.
What is required in the SSL VPN configuration to meet these requirements?

Question45: What information is flushed when the chunk-size value is changed in the config dlp settings?

Question46:
Which of the following statements are true? (Choose two.)

Question47: An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP session setups and disconnections. Why?

Question48: An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?

Question49: Which traffic sessions can be offloaded to a NP6 processor? (Choose two.)

Question50: Which statement about data leak prevention (DLP) on a FortiGate is true?

Question51: An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?

Question52: Which of the following Fortinet hardware accelerators can be used to offload flow-based antivirus inspection? (Choose two.)

Question53: View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting.Games).
Based on this configuration, which statement is true?

Question54: Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

Question55: View the exhibit.

When Role is set to Undefined, which statement is true?

Question56: Which configuration objects can be selected for the Source filed of a firewall policy?
(Choose two.)

Question57: View the exhibit.

The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:

What should be done next to troubleshoot the problem?

Question58: If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?

Question59: View the exhibit.

What is the effect of the Disconnect Cluster Member operation as shown in the exhibit?
(Choose two.)

Question60:
A client workstation is connected to FortiGate port2. The Fortigate port1 is connected to an ISP router.
Port2 and port3 are both configured as a software switch.
What IP address must be configured in the workstation as the default gateway?