EMT Practice Test

1. Question Content...


Question List

Question1: For the case of outbound link load balancing, which upstream link is elected by the proximity route dynamic detection feature as the best one for a destination IP address?

Question2: Which is not a supported captive portal authentication method?

Question3: Which devices can receive logs from FortiSandbox? (Choose two.)

Question4: Which FortiADC features can be used to harden the device and server security? (Choose two.)

Question5: Why is it recommended to choose the FortiMail operation mode early in the setup process?

Question6: When FortiMail is operating in server mode, the DNS MX records for each protected domain should point to:

Question7: Which of the following statements about virtual tunneling for outbound link load balancing are true?
(Choose three.)

Question8: You want to allow guests to authenticate to your network through Facebook. What configuration is required on FortiAuthenticator? (Choose two.)

Question9: Which CLI command on FortiAuthenticator is not used for troubleshooting network connectivity issues?

Question10: What is a primary motivating factor for choosing FortiMail transparent mode over server mode or gateway mode?

Question11: If the corporate email policy dictates that SMTP over SSL/TLS is preferred for inbound SMTP connections and required for outbound SMTP connections, which FortiMail configuration object would be used?

Question12: RADIUS authentication with FortiAuthenticator is not working. The traffic sniffer indicates that client traffic is not reaching FortiAuthenticator. Which could be the cause of the problem? (Choose two.)

Question13: On FortiMail which type of profile is used to configure when files are sent to a FortiSandbox?

Question14: What actions can a FortiADC take for HTTP traffic that is coming from an IP address that is blacklisted in the FortiGuard IP reputation database? (Choose two.)

Question15: A device that is 802.1X non-compliant must be connected to the network. Which authentication method can you use to authenticate the device with FortiAuthenticator?

Question16: Two FortiADC devices from an HA cluster. What information can be synchronized between both FortiADC devices? (Choose three.)

Question17: Which protocols can a FortiSandbox inspect when is deployed in sniffer mode? (Choose two.)

Question18: Which configuration elements must be in place for the FortiADC global load balancing feature to discover from local FortiADC server load balancers the virtual servers that can be included in the GLB virtual server pools? (Choose two.)

Question19: Which three methods are available to perform backups of the FortiMail configuration data? (Choose three.)

Question20: Which statements are true about the RADIUS service on FortiAuthenticator? (Choose two.)

Question21: If a corporate policy mandates IBE encryption for all outgoing emails sent to a specific email domain, which FortiMail configuration object would be utilized to make that happen?

Question22: Which of the following features are available in all FortiADC models? (Choose three.)

Question23: Which statements are true for the EAP-TTLS authentication method? (Choose two.)

Question24: Which protocols can FortiSandbox use to connect to a network file share? (Choose two.)

Question25: What information does a scan job report include? (Choose two.)

Question26: An administrator wants to implement load balancing persistence by configuring the FortiADC to prefix the server ID to an existing cookie sent by the back-end servers. Which persistence method can the administrator use?

Question27: If the FortiMail administrator wished to identify emails which were sent to a particular email address so that those emails could be processed differently, which configuration object would the administrator use?

Question28: Which of the following statements best describe what a SYN cookie does when a SYN packet is received?

Question29: Two FortiADC devices (ADC-1 and ADC-2) form an HA cluster. The following exhibits shows the HA configuration for both FortiADC devices:


If both FortiADC devices are up and operational. which FortiADC is the HA active FortiADC?

Question30: Which of these is an OATH-based standard to generate one-time password tokens?

Question31: What is one requirement for your network when deploying FortiAuthenticator?

Question32: Which Fortinet Single Sign-on (FSSO) user identity discovery method can FortiAuthenticator use if the device or user identity cannot be established transparently, such as with non-domain BYOD devices?

Question33: You are a FortiAuthenticator administrator for a large organization, and suddenly all of the FortiToken 200 users in the organization are unable to authenticate using their tokens. What is the most probable reason?

Question34: In transparent mode, when choosing between using the built-in MTA or using the transparent proxy, what difference might be encountered regarding mail routing?

Question35: An administrator is running the following sniffer in a FortiADC:

What information is included in the output of the sniffer? (Choose two.)

Question36: Which of these is a security feature specific to FortiADC global load balancing? (Choose two.)

Question37: What statement is true for the self-service portal? (Choose two.)

Question38: Once defined, an antivirus profile can be activated from which two configuration objects in FortiMail?
(Choose two.)

Question39: FortiGate is configured to send suspicious files to a FortiSandbox for in-line inspection. The administrator creates a new VDOM, and then generates some traffic so what the new VDOM sends a file to the FortiSandbox for the first time. Which is true regarding this scenario?

Question40: In a server mode config-only cluster, where is the mail data stored? (Choose one.)

Question41: Which protocols are supported for archiving scan job reports? (Choose two.)

Question42: Once an antispam profile has been configured, how is it put into action?

Question43: If FortiSandbox connects to FortiGuard through a web proxy server, which FortiSandbox interface must have access to the proxy server?

Question44: Which FortiGate process sends files to FortiSandbox for inspection?

Question45: What mechanism does FortiGate use to avoid sending a file that has been already inspected to FortiSandbox?

Question46: The Windows licenses in a FortiSandbox could be locked because they have exceeded the maximum number of allowed activations. What should the administrator do to fix the problem?

Question47: Which statements are true about the FortiAuthenticator CLI? (Choose two.)

Question48: Which is true regarding Microsoft Office on FortiSandbox?

Question49: Access delivery rules provide which two of the following functions? (Choose two.)

Question50: Which configuration object in FortiMail would be used to attach the string "[SPAM DETECTED]" to the subject header of email messages determined by FortiMail to be spam? (Choose one.)

Question51: Which behavior does not exist for certificate revocation lists (CRLs) on FortiAuthenticator?

Question52:
Based on the exhibit, which are true? (Choose two.)

Question53: The sender validation techniques SPF and DKIM rely on data provided by what type of entity?

Question54: Which methods can be used to submit files to FortiSandbox for inspection? (Choose two.)

Question55: Which two types of digital certificates can you create in FortiAuthenticator? (Choose two.)

Question56: Which of the following statements about layer 2 load balancing are true? (Choose two.)

Question57: Which FortiADC log severity level corresponds to Log Severity Level 2?

Question58: Which threats can a FortiSandbox inspect when it is deployed in sniffer mode? (Choose three.)

Question59: What is the maximum number of sites (or peers) supported in a global load-balancing solution based on FortiADC?

Question60: When FortiMail is operating is transparent mode, SMTP sessions are intercepted and scanned based on what criteria?