EMT Practice Test

1. Question Content...


Question List

Question1: FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)

Question2: An administrator has configured the following settings:

Question3: If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

Question4: A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.
What is the reason for the certificate warning errors?

Question5: How do you format the FortiGate flash disk?

Question6: An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

Question7: Examine the following web filtering log.

Which statement about the log message is true?

Question8: Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

Question9: An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must an administrator do to achieve this objective?

Question10: Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

Question11: Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

Question12: Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

Question13: Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

Question14: Which two statements are correct about SLA targets? (Choose two.)

Question15: Refer to the exhibits.


The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

Question16: Which two statements are true when FortiGate is in transparent mode? (Choose two.)

Question17: How does FortiGate act when using SSL VPN in web mode?

Question18: Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

Question19: Refer to the exhibit.

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

Question20: Refer to the exhibit.




The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).
Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

Question21: An administrator is running the following sniffer command:

Which three pieces of Information will be Included in me sniffer output? {Choose three.)

Question22: Refer to the exhibit.

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

Question23: Refer to the exhibits.


The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.
Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.
Which part of the policy configuration must you change to resolve the issue?

Question24: A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic, in addition, the remote peer does not support a dynamic DNS update service. What type of remote gateway should tie administrator configure on FortiGate for the new IPsec VPN tunnel to work?

Question25: Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

Question26: You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

Question27: Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

Question28: Refer to the exhibit, which contains a session diagnostic output.

Which statement is true about the session diagnostic output?

Question29: Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

Question30: Refer to the exhibits.


Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

Question31: An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

Question32: An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode selector for site B?

Question33: Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access internet. The To_lnternet VDOM is the only VDOM with internet access and is directly connected to ISP modem.
Which two statements are true? (Choose two.)

Question34: Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

Question35: Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

Question36: Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Question37: A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)

Question38: Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

Question39: Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

Question40: Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

Question41: Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

Question42: The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.
What order must FortiGate use when the web filter profile has features enabled, such as safe search?

Question43: Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)

Question44: What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

Question45: An administrator Is configuring an IPsec VPN between site A and site B.
The Remote Gateway setting in both sites has been configured as Static IP Address. For site A.
the local quick mode selector is 192.160.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?

Question46: What devices form the core of the security fabric?

Question47: Which two types of traffic are managed only by the management VDOM? (Choose two.)

Question48: Refer to the exhibit.

Which contains a Performance SLA configuration.
An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

Question49: Refer to the exhibit.



The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

Question50: Refer to the exhibit showing a debug flow output.

Which two statements about the debug flow output are correct? (Choose two.)