EMT Practice Test

1. Question Content...


Question List

Question1: Your colleague has enabled virtual clustering to load balance traffic between the cluster units. You notice that all traffic is currently directed to a single FortiGate unit. Your colleague has applied the configuration shown in the exhibit.

Which step would you perform to load balance traffic within the virtual cluster?

Question2: A FortiGate is deployed in the NAT/Route operation mode.
This operation mode operates at which OSI layer?

Question3: Which VPN protocol is supported by FortiGate units?

Question4:
The wireless controller diagnostic output is shown in the exhibit.
Which three statements are true? (Choose three.)

Question5:
Referring to the exhibit, you want to know if aggregating port7 and port22 will work.
Which statement is correct?

Question6:
You must establish a BGP peering with a service provider. The provider has supplied you with BGP peering parameters and you performed the basic configuration shown in the exhibit on your FortiGate unit.
You notice that your peering session is not coming up.
Which three missing configuration statements are needed to make this configuration functional? (Choose three.)
A)

B)

C)

D)

E)

Question7: Your NOC contracts the security team due to a problem with a new application flow. You are instructed to disable hardware acceleration for the policy shown in the exhibit for troubleshooting purposes.

Which command will disable hardware acceleration for the new application policy?
A)

B)

C)

D)

Question8: Your security department has requested that you implement the
OpenSSL.TLS.Heartbeat.Information.Disclosure signature using an IPS sensor to scan traffic destined to the FortiGate. You must log all packets that attempt to exploit this vulnerability.
Referring to the exhibit, which two configurations are required to accomplish this task? (Choose two.)

A)

B)

C)

D)

Question9: Which three statements about throughput on a wireless network are true? (Choose three.)

Question10: You are asked to establish a VPN tunnel with a service provider using a third-party VPN device. The service provider has assigned subnet 30.30.30.0/24 for your outgoing traffic going towards the services hosted by the provider on network 20.20.20.0/24. You have multiple computers which will be accessing the remote services hosted by the service provider.

Which three configuration components meet these requirements? (Choose three.)

Question11: An administrator wants to assign static IP addresses to users connecting tunnel-mode SSL VPN. Each SSL VPN user must always get the same unique IP address which is never assigned to any other user.
Which solution accomplishes this task?

Question12: Which command detects where a routing path is broken?

Question13: You notice that your FortiGate's memory usage is very high and that the unit's performance is adversely affected. You want to reduce memory usage.
Which three commands would meet this requirement? (Choose three.)
A)

B)

C)

D)

E)

Question14: You notice that memory usage is high and FortiGate has entered conserve mode. You want FortiGate's IPS engine to focus only on exploits and attacks that are applicable to your specific network.
Which two steps would you take to reduce RAM usage without weakening security? (Choose two.)

Question15:
Referring to the diagram shown in the exhibit, you deployed VRRP load balancing using two FortiGate units and two VRRP groups with a VRRP virtual MAC address enabled on both FortiGate's port2 interface.
During normal operation, both FortiGate units are processing traffic and the VRRP groups are used to load balance the traffic between the two FortiGate units.
If FortiGate unit A fails, what would happen?

Question16: A data center for example.com hosts several separate Web applications. Users authenticate with all of them by providing their Active Directory (AD) login credentials. You do not have access to Example, Inc.'s AD server. Your solution must do the following:
- provide single sign-on (SSO) for all protected Web applications
- prevent login brute forcing
- scan FTPS connections to the Web servers for exploits
- scan Webmail for OWASP Top 10 vulnerabilities such as session cookie hijacking, XSS, and SQL injection attacks
Which solution meets these requirements?

Question17: You are investigating a problem related to FTP active mode. You use a test PC with IP address
10.100.60.5 to connect to the FTP server at 172.16.133.50 and transfer a large file. The FortiGate translates source address (SNAT) in network 10.100.60.0/24 to the IP address 172.16.133.1.
Which two groups of CLI commands allow you to see information related to this FTP connection (Choose two.)
A)

B)

C)

D)

Question18: FortiGate1 has a gateway-to-gateway IPsec VPN to FortiGate2. The entire IKE negotiation between FortiGate1 and FortiGate2 is on UDP port 500. A PC on FortuGate2's local area network is sending continuous ping requests over the VPN tunnel to a PC of FortiGate1's local area network. No other traffic is sent over the tunnel.

Which statement is true on this scenario?

Question19: Which three configuration scenarios will result in an IPsec negotiation failure between two FortiGate devices? (Choose three.)

Question20: You are an administrator of FortiGate devices that use FortiManager for central management. You need to add a policy on an ADOM, but upon selecting the ADOM drop-down list, you notice that the ADOM is in locked state. Workflow mode is enabled on your FortiManager to define approval or notification workflow when creating and installing policy changes.
What caused this problem?

Question21: You have replaced an explicit proxy Web filter with a FortiGate. The human resources department requires that all URLs be logged. Users are reporting that their browsers are now indicating certificate errors as shown in the exhibit.

Which step is a valid solution to the problem?

Question22: Which command syntax would you use to configure the serial number of a FortiGate as its host name?
A)

B)

C)

D)

Question23: You are hosting Web applications that must be PCI DSS compliant. The Web applications are protected by a FortiWeb. Compliance will be tested during the quarterly security review.
In this scenario, which three FortiWeb features should you use? (Choose three.)

Question24: You verified that application control is working from previous configured categories. You just added Skype on blocked signatures. However, after applying the profile to your firewall policy, clients running Skype can still connect and use the application.
What are two causes of this problem? (Choose two.)

Question25:
The output shown in the exhibit from FortiManager is displayed during an import of the device configuration.
Which statement describes the correct action taken for these duplicate objects?

Question26:
A customer wants to secure the network shown in the exhibit with a full redundancy design.
Which security design would you use?

Question27: A customer wants to install a FortiSandbox device to identify suspicious files received by an e-mail server.
All the incoming e-mail traffic to the e-mail server uses the SMTPS protocol.
Which three solutions would be implemented? (Choose three.)

Question28: A university is looking for a solution with the following requirements:
- wired and wireless connectivity
- authentication (LDAP)
- Web filtering, DLP and application control
- data base integration using LDAP to provide access to those students who are up-to-date with their monthly payments
- support for an external captive portal
Which solution meets these requirements?

Question29: You have received an issue report about users not being able to use a video conferencing application. This application uses two UDP ports and two TCP ports to communicate with servers on the Internet. The network engineering team has confirmed there is no routing problem. You are given a copy of the FortiGate configuration.
Which three configuration objects will you inspect to ensure that no policy is blocking this traffic? (Choose three.)

Question30: A customer wants to implement a RADIUS Single Sign On (RSSO) solution for multiple FortiGate devices.
The customer's network already includes a RADIUS server that can generate the logon and logoff accounting records. However, the RADIUS server can send those records to only one destination.
What should the customer do to overcome this limitation?

Question31: You are asked to implement a wireless network for a conference center and need to provision a high number of access points to support a large number of wireless client connections.
Which statement describes a valid solution for this requirement?

Question32:
Referring to the command output shown in the exhibit, how many hosts are connected to the FortiGate?

Question33: A customer is authenticating users using a FortiGate and an external LDAP server. The LDAP user, John Smith, cannot authenticate. The administrator runs the debug command diagnose debug application fnbamd 255while John Smith attempts the authentication:
Based on the output shown in the exhibit, what is causing the problem?

Question34: You want to enable traffic between 2001:db8:1::/64 and 2001:db8:2::/64 over the public IPv4 Internet.

Given the CLI configuration shown in the exhibit, which two additional settings are required on this device to implement tunneling for the IPv6 transition? (Choose two.)

Question35: Your FortiGate has multiple CPUs. You want to verify the load for each CPU.
Which two commands will accomplish this task? (Choose two.)

Question36:
You are installing a new FortiAP as shown in the exhibit, however, the FortiAP cannot discover the FortiGate. The FortiAP obtained an IP from the DHCP server and is reachable.
Which two configurations will resolve the problem? (Choose two.)
A)

B)

C)

D)

Question37:
Referring to the exhibit, users are reporting that their FortiFones ring but when they pick up, the cannot hear each other. The FortiFones use SIP to communicate with the SIP Proxy Server and RTP between the phones.
Which configuration change will resolve the problem?
A)

B)

C)

D)

Question38: You are asked to design a secure solution using Fortinet products for a company. The company recently has Web servers that were exploited and defaced. The customer has also experienced Denial or Service due to SYN Flood attacks. Taking this into consideration, the customer's solution should have the following requirements:
- management requires network-based content filtering with man-in-the-middle inspection
- the customer has no existing public key infrastructure but requires centralized certificate management
- users are tracked by their active directory username without installing any software on their hosts
- Web servers that have been exploited need to be protected from the OWASP Top 10
- notification of high volume SYN Flood attacks when a threshold has been triggered Which three solutions satisfy these requirements? (Choose three.)

Question39: You implemented FortiGate in transparent mode with 10 different VLAN interfaces in the same forwarding domain. You have defined a policy to allow traffic from any interface to any interface.
Which statement about your implementation is true?

Question40: A company has just installed a new FortiGate in their core to route and inspect traffic between their subnetted VLANs. The security department reports that after the installation, their IP video cameras no longer work. Research by the IT department shows that the video system uses a multicast stream to send the video to multiple video receivers.
Which two commands must be configured to resolve this problem? (Choose two.) A)

B)

C)

D)

Question41: Your marketing department uncompressed and executed a file that the whole department received using Skype.

Reviewing the exhibit, which two details do you determine from your initial analysis of the payload?

Question42:
A customer just bought an additional FortiGate device and plans to use their existing load balancer to distribute traffic across two FortiGate units participating on a BGP network serving different neighbors. The customer has mixed traffic of IPv4 and IPv6 TCP, UDP, and ICMP. The two FortiGate devices shown in the exhibit should be redundant to each other so that the NAT session and active session tables will synchronize and fail over to the unit that is still operating without any loss of data if one of the units fail.
Which high availability solution would you implement?

Question43: There is an interface-mode IPsec tunnel configured between FortiGate1 and FortiGate2. You want to run OSPF over the IPsec tunnel. On both FortiGates. the IPsec tunnel is based on physical interface port1.
Port1 has the default MTU setting on both FortiGate units.
Which statement is true about this scenario?

Question44: A company wants to protect against Denial of Service attacks and has launched a new project. They want to block the attacks that go above a certain threshold and for some others they are just trying to get a baseline of activity for those types of attacks so they are letting the traffic pass through without action.
Given the following:
- The interface to the Internet is on WAN1.
- There is no requirement to specify which addresses are being protected or protected from.
- The protection is to extend to all services.
- The tcp_syn_flood attacks are to be recorded and blocked.
- The udp_flood attacks are to be recorded but not blocked.
- The tcp_syn_flood attack's threshold is to be changed from the default to 1000.
The exhibit shows the current DoS-policy.

Which policy will implement the project requirements?
A)

B)

C)

D)

Question45:
Referring to the configuration shown in the exhibit, which three statements are true? (Choose three.)

Question46:
Given the following error message:

FortiManager fails to import policy ID 1.
What is the problem?

Question47: Which Fortinet product is used for antispam protection?

Question48: A customer has the following requirements:
- local peer with two Internet links
- remote peer with one Internet link
- secure traffic between the two peers
- granular control with Accept policies
Which solution provides security and redundancy for traffic between the two peers?

Question49: Your company uses a cluster of two FortiGate 3600C units in active-passive mode to protect the corporate network. The FortiGate cluster sends its logs to a FortiAnalyzer and you have configured scheduled weekly reports for the Internet bandwidth usage of each corporate VLAN. During a scheduled maintenance window, you make a series of configuration changes. When the next FortiAnalyzer weekly report is generated, you notice that Internet bandwidth usage reported by the FortiAnalyzer is far less than expected.
What is the reason for this discrepancy?

Question50: Given the following FortiOS 5.2 commands:

Which vulnerability is being addresses when managing FortiGate through an encrypted management protocol?

Question51: The FortiGate is an IPsec VPN hub. A VPN spoke protecting subnet 192.168.222.0/24 has successfully brought up a tunnel with the FortiGate. This remote network is present in the FortiGate routing table as shown in the exhibit.

Which statement is true?

Question52:
You have implemented FortiGate in transparent mode as shown in the exhibit. User1 from the Internet is trying to access the 192.168.10.10 Web servers.
Which two statements about this scenario are true? (Choose two.)

Question53: The FortiGate is used as an IPsec gateway at a branch office. Two tunnels, tunA and tunB, are established between this FortiGate and the headquarters' IPsec gateway. The branch office's subnet is 10.1.1.0/24.
The headquarters' subnet is 10.2.2.0/24. The desired usage for tunA and tunB has been defined as follows:
- sessions initiated from 10.1.1.0/24 to 10.2.2.0/24 must be routed out over tunA when tunA is up
- sessions initiated from 10.1.1.0/24 to 10.2.2.0/24 have to be routed out over tunB when tunA is down
- sessions initiated from 10.2.2.0/24 can ingress either on tunA or on tunB Which static routing configuration meets the requirements?
A)

B)

C)

D)

Question54: You are asked to write a FortiAnalyzer report that lists the session that has consumed the most bandwidth.
You are required to include the source IP, destination IP, application, application category, hostname, and total bandwidth consumed.
Which dataset meets these requirements?

Question55: You have deployed two FortiGate devices as an HA pair. One FortiGate will process traffic while the other FortiGate is a standby. The standby monitors the primary for failure and only takes the role of processing traffic if it detects that the primary FortiGate has failed.
Which style of FortiGate HA does this scenario describe?

Question56: Referring to the exhibit, which statement is true?

Question57: Which two features are supported only by FortiMail but not by FortiGate? (Choose two.)

Question58: The SECOPS team in your company has started a new project to store all logging data in a disaster recovery center. All FortiGates will log to a secondary FortiAnalyzer and establish a TCP session to send logs to the syslog server.
Which two configurations will achieve this goal? (Choose two.)
A)

B)

C)

D)

Question59: Virtual Domains (VDOMs) allow a FortiGate administrator to do what?

Question60:
The exhibit shows an explicit Web proxy configuration in a FortiGate device. The FortiGate is installed between a client with the IP address 172.16.10.4 and a Web server using port 80 with the IP address
10.10.3.4. The client Web browser is properly sending HTTP traffic to the FortiGate Web proxy IP address
172.16.10.254.
Which two sniffer commands will capture this HTTP traffic? (Choose two.)

Question61:
How would you apply security to the network shown in the exhibit?

Question62: You are managing a FortiAnalyzer appliance. After an upgrade, you notice that the unit no longer displays historical logs, reports do not produce any data, and FortiView summary views are empty. However, you notice that the unit is receiving logs on the dashboard widgets.
Which step resolves this problem?

Question63: A café offers free Wi-Fi. Customers' portable electronic devices often do not have antivirus software installed and may be hosting worms without their knowledge. You must protect all customers from any other customers' infected devices that join the same SSID.
Which step meets the requirement?