EMT Practice Test

1. Question Content...


Question List

Question1: Which behavior does not exist for certificate revocation lists (CRLs) on FortiAuthenticator?

Question2: In a server mode config-only cluster, where is the mail data stored? (Choose one.)

Question3: Which protocols can a FortiSandbox inspect when is deployed in sniffer mode? (Choose two.)

Question4: Which of the following features are available in all FortiADC models? (Choose three.)

Question5: An administrator wants to implement load balancing persistence by configuring the FortiADC to prefix the server ID to an existing cookie sent by the back-end servers. Which persistence method can the administrator use?

Question6: What is the maximum number of sites (or peers) supported in a global load-balancing solution based on FortiADC?

Question7: A device that is 802.1X non-compliant must be connected to the network. Which authentication method can you use to authenticate the device with FortiAuthenticator?

Question8: Which protocols are supported for archiving scan job reports? (Choose two.)

Question9: Which FortiADC features can be used to harden the device and server security? (Choose two.)

Question10: What mechanism does FortiGate use to avoid sending a file that has been already inspected to FortiSandbox?

Question11:
Based on the exhibit, which are true? (Choose two.)

Question12: The sender validation techniques SPF and DKIM rely on data provided by what type of entity?

Question13: When FortiMail is operating in server mode, the DNS MX records for each protected domain should point to:

Question14: If a corporate policy mandates IBE encryption for all outgoing emails sent to a specific email domain, which FortiMail configuration object would be utilized to make that happen?

Question15: When FortiMail is operating is transparent mode, SMTP sessions are intercepted and scanned based on what criteria?

Question16: If FortiSandbox connects to FortiGuard through a web proxy server, which FortiSandbox interface must have access to the proxy server?

Question17: FortiGate is configured to send suspicious files to a FortiSandbox for in-line inspection. The administrator creates a new VDOM, and then generates some traffic so what the new VDOM sends a file to the FortiSandbox for the first time. Which is true regarding this scenario?

Question18: Which is not a supported captive portal authentication method?

Question19: You are a FortiAuthenticator administrator for a large organization, and suddenly all of the FortiToken 200 users in the organization are unable to authenticate using their tokens. What is the most probable reason?

Question20: Which FortiGate process sends files to FortiSandbox for inspection?

Question21: For the case of outbound link load balancing, which upstream link is elected by the proximity route dynamic detection feature as the best one for a destination IP address?

Question22: Why is it recommended to choose the FortiMail operation mode early in the setup process?

Question23: What is one requirement for your network when deploying FortiAuthenticator?

Question24: Which CLI command on FortiAuthenticator is not used for troubleshooting network connectivity issues?

Question25: In transparent mode, when choosing between using the built-in MTA or using the transparent proxy, what difference might be encountered regarding mail routing?

Question26: Which of the following statements best describe what a SYN cookie does when a SYN packet is received?

Question27: RADIUS authentication with FortiAuthenticator is not working. The traffic sniffer indicates that client traffic is not reaching FortiAuthenticator. Which could be the cause of the problem? (Choose two.)

Question28: If the FortiMail administrator wished to identify emails which were sent to a particular email address so that those emails could be processed differently, which configuration object would the administrator use?

Question29: Once an antispam profile has been configured, how is it put into action?

Question30: Which statements are true about the FortiAuthenticator CLI? (Choose two.)

Question31: What is a primary motivating factor for choosing FortiMail transparent mode over server mode or gateway mode?

Question32: If the corporate email policy dictates that SMTP over SSL/TLS is preferred for inbound SMTP connections and required for outbound SMTP connections, which FortiMail configuration object would be used?

Question33: Which of these is an OATH-based standard to generate one-time password tokens?

Question34: Which Fortinet Single Sign-on (FSSO) user identity discovery method can FortiAuthenticator use if the device or user identity cannot be established transparently, such as with non-domain BYOD devices?

Question35: On FortiMail which type of profile is used to configure when files are sent to a FortiSandbox?

Question36: The Windows licenses in a FortiSandbox could be locked because they have exceeded the maximum number of allowed activations. What should the administrator do to fix the problem?

Question37: What actions can a FortiADC take for HTTP traffic that is coming from an IP address that is blacklisted in the FortiGuard IP reputation database? (Choose two.)

Question38: Two FortiADC devices (ADC-1 and ADC-2) form an HA cluster. The following exhibits shows the HA configuration for both FortiADC devices:


If both FortiADC devices are up and operational. which FortiADC is the HA active FortiADC?

Question39: Which configuration object in FortiMail would be used to attach the string "[SPAM DETECTED]" to the subject header of email messages determined by FortiMail to be spam? (Choose one.)

Question40: Which of these is a security feature specific to FortiADC global load balancing? (Choose two.)

Question41: Which three methods are available to perform backups of the FortiMail configuration data? (Choose three.)

Question42: Which statements are true for the EAP-TTLS authentication method? (Choose two.)

Question43: Which statements are true about the RADIUS service on FortiAuthenticator? (Choose two.)

Question44: Which configuration elements must be in place for the FortiADC global load balancing feature to discover from local FortiADC server load balancers the virtual servers that can be included in the GLB virtual server pools? (Choose two.)

Question45: Once defined, an antivirus profile can be activated from which two configuration objects in FortiMail?
(Choose two.)

Question46: What statement is true for the self-service portal? (Choose two.)

Question47: Which protocols can FortiSandbox use to connect to a network file share? (Choose two.)

Question48: Access delivery rules provide which two of the following functions? (Choose two.)

Question49: Which is true regarding Microsoft Office on FortiSandbox?

Question50: Which two types of digital certificates can you create in FortiAuthenticator? (Choose two.)

Question51: Which threats can a FortiSandbox inspect when it is deployed in sniffer mode? (Choose three.)

Question52: An administrator is running the following sniffer in a FortiADC:

What information is included in the output of the sniffer? (Choose two.)

Question53: Two FortiADC devices from an HA cluster. What information can be synchronized between both FortiADC devices? (Choose three.)

Question54: Which methods can be used to submit files to FortiSandbox for inspection? (Choose two.)

Question55: You want to allow guests to authenticate to your network through Facebook. What configuration is required on FortiAuthenticator? (Choose two.)

Question56: Which of the following statements about layer 2 load balancing are true? (Choose two.)

Question57: Which FortiADC log severity level corresponds to Log Severity Level 2?

Question58: What information does a scan job report include? (Choose two.)

Question59: Which devices can receive logs from FortiSandbox? (Choose two.)

Question60: Which of the following statements about virtual tunneling for outbound link load balancing are true?
(Choose three.)