EMT Practice Test

1. Question Content...


Question List

Question1: During the digital verification process, comparing the original and fresh hash results satisfies which
security requirement?

Question2: Examine the exhibit, which shows the output of a web filtering real time debug.

Why is the site www.bing.com being blocked?

Question3: Which of the following conditions are required for establishing an IPSec VPN between two FortiGate
devices? (Choose two.)

Question4: Examine this FortiGate configuration:

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires
authorization?

Question5: HTTP Public Key Pinning (HPKP) can be an obstacle to implementing full SSL inspection. What solutions
could resolve this problem? (Choose two.)

Question6: Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

What are the expected actions if traffic matches this IPS sensor? (Choose two.)

Question7: Which statements about a One-to-One IP pool are true? (Choose two.)

Question8: An administrator has configured two VLAN interfaces:

A DHCP server is connected to the VLAN10interface. A DHCP client is connected to the VLAN5interface.
However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of
the problem?

Question9: Which statement about FortiGuard services for FortiGate is true?

Question10: Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?

Question11: Which statement is true regarding the policy ID number of a firewall policy?

Question12: An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the
following DoS sensors can be used to achieve this?

Question13: An administrator is attempting to allow access to https://fortinet.comthrough a firewall policy that
is configured with a web filter and an SSL inspection profile configured for deep inspection. Which of the
following are possible actions to eliminate the certificate error generated by deep inspection? (Choose
two.)

Question14: If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate
issued to?

Question15: View the exhibit.

Which users and user groups are allowed access to the network through captive portal?

Question16: NGFW mode allows policy-based configuration for most inspection rules. Which security profile's
configuration does not change when you enable policy-based inspection?

Question17: What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall
policy called Full Access? (Choose two.)

Question18: Which of the following FortiGate configuration tasks will create a route in the policy route table? (Choose
two.)

Question19: View the exhibit.

Based on this output, which statements are correct? (Choose two.)

Question20: Which of the following services can be inspected by the DLP profile? (Choose three.)

Question21: Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)

Question22: Which statements about DNS filter profiles are true? (Choose two.)

Question23: Examine the exhibit, which contains a virtual IP and firewall policy configuration.



The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP
address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is
configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP
address 10.0.1.10/24?

Question24: Which action can be applied to each filter in the application control profile?

Question25: By default, when logging to disk, when does FortiGate delete logs?

Question26: Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)

Question27: View the exhibit:

The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and
got the following output:

What should be done next to troubleshoot the problem?

Question28: Which one of the following processes is involved in updating IPS from FortiGuard?

Question29: A FortiGate device has multiple VDOMs. Which statement about an administrator account configured with
the default prof_admin profile is true?

Question30: If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does FortiGate
take?

Question31: Which statements about HA for FortiGate devices are true? (Choose two.)

Question32: When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that
FortiGate can forward Internet traffic?

Question33: You are configuring the root FortiGate to implement the security fabric. You are configuring port10 to
communicate with a downstream FortiGate. View the default Edit Interface in the exhibit below:

When configuring the root FortiGate to communicate with a downstream FortiGate, which settings are
required to be configured? (Choose two.)

Question34: An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which
statement about this IPsec VPN configuration is true?

Question35: View the exhibit:

Which statement about the exhibit is true? (Choose two.)

Question36: How does FortiGate verify the login credentials of a remote LDAP user?

Question37: Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)