EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

Question2: Refer to the exhibit.

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

Question3: Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

Question4: A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)

Question5: Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

Question6: Refer to the exhibit.

According to the certificate values shown in the exhibit, which type of entity was the certificate issued to?

Question7: When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

Question8: Refer to the exhibit.




The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).
Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

Question9: Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

Question10: Refer to the exhibit.

The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.
How
does FortiGate process the traffic sent to http://www.fortinet.com?

Question11: Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

Question12: Which three methods are used by the collector agent for AD polling? (Choose three.)

Question13: Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access internet.
The To_lnternet VDOM is the only VDOM with internet access and is directly connected to ISP modem.
Which two statements are true? (Choose two.)

Question14: Which three statements are true regarding session-based authentication? (Choose three.)

Question15: Refer to the exhibit showing a debug flow output.

Which two statements about the debug flow output are correct? (Choose two.)

Question16: Which three statements about security associations (SA) in IPsec are correct? (Choose three.)

Question17: An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

Question18: Refer to the exhibit.

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10 .0.1.254. /24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

Question19: Which two statements are true about the RPF check? (Choose two.)

Question20: Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

Question21: If Internet Service is already selected as in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

Question22: Refer to the exhibit.

Which contains a Performance SLA configuration.
An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

Question23: Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).


Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

Question24: Refer to the exhibit.

Which contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?

Question25: Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

Question26: What is the primary FortiGate election process when the HA override setting is disabled?

Question27: In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration?
(Choose three.)

Question28: Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

Question29: Which scanning technique on FortiGate can be enabled only on the CLI?

Question30: Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

Question31: Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

Question32: Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

Question33: Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

Question34: Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

Question35: To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

Question36: A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.
What is the reason for the certificate warning errors?

Question37: Examine the following web filtering log.

Which statement about the log message is true?

Question38: Refer to the exhibit.

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

Question39: Refer to the FortiGuard connection debug output.

Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

Question40: Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

Question41: Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP
10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)

Question42: Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Question43: Refer to the exhibits.


The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

Question44: Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

Question45: Refer to the exhibits.


Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

Question46: Refer to the exhibit to view the firewall policy.

Which statement is correct if well-known viruses are not being blocked?

Question47: An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

Question48: Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

Question49: When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

Question50: A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic, in addition, the remote peer does not support a dynamic DNS update service. What type of remote gateway should tie administrator configure on FortiGate for the new IPsec VPN tunnel to work?