EMT Practice Test

1. Question Content...


Question List

Question1: Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Question2: An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?

Question3: If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

Question4: Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

Question5: Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

Question6: You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

Question7: Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.


An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.
What is a possible reason for this?

Question8: Which two statements about antivirus scanning mode are true? (Choose two.)

Question9: Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

Question10: An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

Question11: Refer to the exhibit to view the application control profile.

Users who use Apple FaceTime video conferences are unable to set up meetings.
In this scenario, which statement is true?

Question12: Which feature in the Security Fabric takes one or more actions based on event triggers?

Question13: Refer to the exhibit.

An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic.
Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)

Question14: Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

Question15: Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

Question16: Refer to the exhibit to view the firewall policy.

Which statement is correct if well-known viruses are not being blocked?

Question17: Refer to the exhibit, which contains a session diagnostic output.

Which statement is true about the session diagnostic output?

Question18: In an explicit proxy setup, where is the authentication method and database configured?

Question19: Examine this FortiGate configuration:

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

Question20: What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

Question21: Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

Question22: Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?

Question23: By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.
Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

Question24: Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

Question25: Refer to the exhibit.

According to the certificate values shown in the exhibit, which type of entity was the certificate issued to?

Question26: An organization's employee needs to connect to the office through a high-latency internet connection.
Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

Question27: Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

Question28: An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

Question29: An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?

Question30: An administrator is running the following sniffer command:

Which three pieces of Information will be Included in me sniffer output? {Choose three.)

Question31: Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)

Question32: Exhibit:

Refer to the exhibit to view the authentication rule configuration In this scenario, which statement is true?

Question33: Refer to the exhibit.

The exhibits show a network diagram and the explicit web proxy configuration.
In the command diagnose sniffer packet, what filter can you use to capture the traffic between the client and the explicit web proxy?

Question34: Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

Question35: Examine the exhibit, which contains a virtual IP and firewall policy configuration.



The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address
10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

Question36: Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

Question37: You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

Question38: Refer to the exhibit.

Which contains a Performance SLA configuration.
An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

Question39: A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.
What is the reason for the certificate warning errors?

Question40: Examine the following web filtering log.

Which statement about the log message is true?

Question41: Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

Question42: Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

Question43: What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

Question44: Which three statements about a flow-based antivirus profile are correct? (Choose three.)

Question45: Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?

Question46: If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected to the Destination field of a firewall policy?

Question47: Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

Question48: A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?

Question49: Refer to the exhibit.

Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)

Question50: Which three methods are used by the collector agent for AD polling? (Choose three.)

Question51: An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode selector for site B?

Question52: An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

Question53: Refer to the exhibit, which contains a radius server configuration.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.
What will be the impact of using Include in every user group option in a RADIUS configuration?

Question54: Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?

Question55: Refer to the exhibit.

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

Question56: Refer to the exhibit to view the application control profile.

Users who use Apple FaceTime video conferences are unable to set up meetings.
In this scenario, which statement is true?

Question57: View the exhibit.

Which of the following statements are correct? (Choose two.)

Question58: Refer to the exhibit.

Based on the raw log, which two statements are correct? (Choose two.)

Question59: Refer to the exhibit.


The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check.
Which interface will be selected as an outgoing interface?

Question60: Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?

Question61: Refer to the exhibit.

The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

Question62: FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)

Question63: A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

Question64: Refer to the exhibit to view the application control profile.

Users who use Apple FaceTime video conferences are unable to set up meetings.
In this scenario, which statement is true?

Question65: Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

Question66: Refer to the exhibit showing a debug flow output.

Which two statements about the debug flow output are correct? (Choose two.)

Question67: An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

Question68: If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected to the Destination field of a firewall policy?

Question69: Refer to the exhibit.

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

Question70: Which feature in the Security Fabric takes one or more actions based on event triggers?

Question71: Examine the two static routes shown in the exhibit, then answer the following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

Question72: A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.
Which statements about the VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

Question73: Which three statements about a flow-based antivirus profile are correct? (Choose three.)

Question74: Which statement regarding the firewall policy authentication timeout is true?

Question75: Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).


Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

Question76: Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

Question77: Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)

Question78: A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)

Question79: Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

Question80: Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

Question81: Refer to the exhibit.



The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

Question82: Refer to the exhibit.



The exhibit contains a network diagram, firewall policies, and a firewall address object configuration.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2.
Remote-user2 is still able to access Webserver.
Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

Question83: Refer to the exhibits.
Exhibit A.

Exhibit B.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric.
After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?

Question84: Examine the exhibit, which contains a virtual IP and firewall policy configuration.



The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

Question85: Refer to the exhibit.



The exhibit contains a network diagram, firewall policies, and a firewall address object configuration.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2. Remote-user2 is still able to access Webserver.
Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

Question86: Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

Question87: An administrator has configured the following settings:

Question88: Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

Question89: To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

Question90: Which statement about video filtering on FortiGate is true?

Question91: If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

Question92: A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

Question93: Refer to the exhibit.

Based on the raw log, which two statements are correct? (Choose two.)

Question94: An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

Question95: An administrator wants to configure timeouts for users. Regardless of the user behavior, the timer should start as soon as the user authenticates and expire after the configured value.
Which timeout option should be configured on FortiGate?

Question96: Which two statements are true when FortiGate is in transparent mode? (Choose two.)

Question97: In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration?
(Choose three.)

Question98: How do you format the FortiGate flash disk?

Question99: NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?

Question100: Examine the network diagram shown in the exhibit, then answer the following question:

Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?

Question101: Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

Question102: By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.
Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

Question103: Examine this FortiGate configuration:

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

Question104: Which of the following SD-WAN load -balancing method use interface weight value to distribute traffic?
(Choose two.)

Question105: An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

Question106: Refer to the exhibit, which contains a radius server configuration.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.
What will be the impact of using Include in every user group option in a RADIUS configuration?

Question107: Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

Question108: Refer to the exhibit to view the firewall policy.

Which statement is correct if well-known viruses are not being blocked?

Question109: Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

Question110: If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

Question111: Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

Question112: Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

Question113: Refer to the exhibit.

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10 .0.1.254. /24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

Question114: An administrator is configuring an IPsec VPN between site A and site B.
The Remote Gateway setting in both sites has been configured as Static IP Address.
For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?

Question115: An administrator has configured the following settings:

Question116: Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Question117: An administrator has configured the following settings:

What are the two results of this configuration? (Choose two.)

Question118: Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

Question119: Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

Question120: Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)

Question121: Refer to the exhibit.

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

Question122: Examine the two static routes shown in the exhibit, then answer the following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

Question123: Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

Question124: Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Question125: Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

Question126: Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

Question127: You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

Question128: Which scanning technique on FortiGate can be enabled only on the CLI?

Question129: Refer to the exhibit.



The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

Question130: Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

Question131: An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

Question132: Which three statements about security associations (SA) in IPsec are correct? (Choose three.)

Question133: Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?