EMT Practice Test

1. Question Content...


Question List

Question1: An administrator is configuring an IPsec VPN between site A and site B.
The Remote Gateway setting in both sites has been configured as. For site A, the local quick mode selector is
192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?

Question2: Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.


An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.
What is a possible reason for this?

Question3: What devices form the core of the security fabric?

Question4: Refer to the exhibits.


The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

Question5: Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Question6: Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?

Question7: Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

Question8: Refer to the FortiGuard connection debug output.

Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

Question9: An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

Question10: Which two statements are true about the RPF check? (Choose two.)

Question11: Refer to the exhibit.

The exhibits show a network diagram and the explicit web proxy configuration.
In the command diagnose sniffer packet, what filter can you use to capture the traffic between the client and the explicit web proxy?

Question12: Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

Question13: Which two statements are correct about SLA targets? (Choose two.)

Question14: Which feature in the Security Fabric takes one or more actions based on event triggers?

Question15: Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the Internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem.
Which two statements are true? (Choose two.)

Question16: Refer to the exhibit, which contains a session diagnostic output.

Which statement is true about the session diagnostic output?

Question17: Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

Question18: An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

Question19: Which three statements about a flow-based antivirus profile are correct? (Choose three.)

Question20: Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

Question21: Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Question22: Which two statements are true when FortiGate is in transparent mode? (Choose two.)

Question23: An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

Question24: An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

Question25: What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

Question26: Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

Question27: Refer to the exhibit.

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

Question28: Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster?
(Choose two.)

Question29: Which of the following SD-WAN load -balancing method use interface weight value to distribute traffic?
(Choose two.)

Question30: Refer to the exhibit to view the firewall policy.

Which statement is correct if well-known viruses are not being blocked?

Question31: Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP
10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)

Question32: In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration?
(Choose three.)

Question33: Which of the following statements about central NAT are true? (Choose two.)

Question34: View the exhibit:

Which the FortiGate handle web proxy traffic rue? (Choose two.)

Question35: Refer to the exhibit showing a debug flow output.

Which two statements about the debug flow output are correct? (Choose two.)

Question36: Examine this FortiGate configuration:

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

Question37: Refer to the exhibit.

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

Question38: FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)

Question39: Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection?
(Choose two.)

Question40: Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

Question41: Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

Question42: By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.
Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)

Question43: Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

Question44: To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

Question45: Which of statement is true about SSL VPN web mode?

Question46: Refer to the exhibit.

The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

Question47: Refer to the exhibit.

Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)

Question48: Examine the following web filtering log.

Which statement about the log message is true?

Question49: Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

Question50: A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

Question51: Which three methods are used by the collector agent for AD polling? (Choose three.)

Question52: Refer to the exhibits.


The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.
Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.
Which part of the policy configuration must you change to resolve the issue?

Question53: What is the primary FortiGate election process when the HA override setting is disabled?

Question54: Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

Question55: What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

Question56: A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?

Question57: When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?