EMT Practice Test

1. Question Content...


Question List

Question1: An administrator needs to strengthen the security for SSL VPN access. Which of the following statements are best practices to do so? (Choose three.)

Question2: Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)

Question3: Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

Question4: View the exhibit.

Which users and user groups are allowed access to the network through captive portal?

Question5: An employee connects to the https://example.com on the Internet using a web browser. The web server's certificate was signed by a private internal CA. The FortiGate that is inspecting this traffic is configured for full SSL inspection.
This exhibit shows the configuration settings for the SSL/SSH inspection profile that is applied to the policy that is invoked in this instance. All other settings are set to defaults. No certificates have been imported into FortiGate. View the exhibit and answer the question that follows.

Which certificate is presented to the employee's web browser?

Question6: Which statements about DNS filter profiles are true? (Choose two.)

Question7: Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

Question8: View the exhibit.


What does this raw log indicate? (Choose two.)

Question9: What files are sent to FortiSandbox for inspection in flow-based inspection mode?

Question10: Which statements about a One-to-One IP pool are true? (Choose two.)

Question11: View the exhibit.

Which of the following statements are correct? (Choose two.)

Question12: View the exhibit.

Based on this output, which statements are correct? (Choose two.)

Question13: View the exhibit:

Which statement about the exhibit is true? (Choose two.)

Question14: HTTP Public Key Pinning (HPKP) can be an obstacle to implementing full SSL inspection. What solutions could resolve this problem? (Choose two.)

Question15: What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)

Question16: An administrator is attempting to allow access to https://fortinet.comthrough a firewall policy that is configured with a web filter and an SSL inspection profile configured for deep inspection. Which of the following are possible actions to eliminate the certificate error generated by deep inspection? (Choose two.)

Question17: A FortiGate device has multiple VDOMs. Which statement about an administrator account configured with the default prof_admin profile is true?

Question18: What FortiGate components are tested during the hardware test? (Choose three.)

Question19: Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)

Question20: Which of the following services can be inspected by the DLP profile? (Choose three.)

Question21: If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does FortiGate take?

Question22: How can you block or allow to Twitter using a firewall policy?

Question23: An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose.

Where must the proxy address be used?

Question24: When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?

Question25: During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?

Question26: Examine this output from a debug flow:

Why did the FortiGate drop the packet?

Question27: Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)

Question28: How does FortiGate verify the login credentials of a remote LDAP user?

Question29: Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?

Question30: Which statement about FortiGuard services for FortiGate is true?

Question31: An administrator is running the following sniffer command:
diagnose sniffer packet any "host 10.0.2.10" 3
What information will be included in the sniffer output? (Choose three.)

Question32: Which statement is true regarding SSL VPN timers? (Choose two.)

Question33: An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?

Question34: Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

What are the expected actions if traffic matches this IPS sensor? (Choose two.)

Question35: Which of the following statements about the FSSO collector agent timers is true?