MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: What is the benefit of using FortiGate NAC LAN Segments?
Question2: Refer to the exhibit showing a firewall policy configuration.To prevent unauthorized access of their cloud assets, an administrator wants to enforce authentication on firewall policy ID 1.What change does the administrator need to make?
Question3: You are running a diagnose command continuously as traffic flows through a platform with NP6 and you obtain the following output:Given the information shown in the output, which two statements are true? (Choose two.)
Question4: Refer to the exhibit.The exhibit shows two error messages from a FortiGate root Security Fabric device when you try to configure a new connection to a FortiClient EMS Server.Referring to the exhibit, which two actions will fix these errors? (Choose two.)
Question5: SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high.You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work.What should you configure?
Question6: Refer to the exhibit, which shows the high availability configuration for the FortiAuthenticator (FAC1).Based on this information, which statement is true about the next FortiAuthenticator (FAC2) member that will join an HA cluster with this FortiAuthenticator (FAC1)?
Question7: A customer is planning on moving their secondary data center to a cloud-based laaS. They want to place all the Oracle-based systems Oracle Cloud, while the other systems will be on Microsoft Azure with ExpressRoute service to their main data center.They have about 200 branches with two internet services as their only WAN connections. As a security consultant you are asked to design an architecture using Fortinet products with security, redundancy and performance as a priority.Which two design options are true based on these requirements? (Choose two.)
Question8: Refer to the CLI output:Given the information shown in the output, which two statements are correct? (Choose two.)
Question9: Refer to the exhibit showing an SD-WAN configuration.According to the exhibit, if an internal user pings 10.1.100.2 and 10.1.100.22 from subnet 172.16.205.0/24, which outgoing interfaces will be used?
Question10: Refer to the exhibit.You are operating an internal network with multiple OSPF routers on the same LAN segment. FGT_3 needs to be added to the OSPF network and has the configuration shown in the exhibit. FGT_3 is not establishing any OSPF connection.What needs to be changed to the configuration to make sure FGT_3 will establish OSPF neighbors without affecting the DR/BDR election?
Question11: A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.Which two statements are true regarding the requirements? (Choose two.)
Question12: Refer to the exhibit showing a FortiSOAR playbook.You are investigating a suspicious e-mail alert on FortiSOAR, and after reviewing the executed playbook, you can see that it requires intervention.What should be your next step?
Question13: Refer to the CLI configuration of an SSL inspection profile from a FortiGate device configured to protect a web server:Based on the information shown, what is the expected behavior when an HTTP/2 request comes in?
Question14: A retail customer with a FortiADC HA cluster load balancing five webservers in L7 Full NAT mode is receiving reports of users not able to access their website during a sale event. But for clients that were able to connect, the website works fine.CPU usage on the FortiADC and the web servers is low, application and database servers are still able to handle more traffic, and the bandwidth utilization is under 30%.Which two options can resolve this situation? (Choose two.)
Question15: On a FortiGate Configured in Transparent mode, which configuration option allows you to control Multicast traffic passing through the?
Question16: Refer to the exhibit.A customer has deployed a FortiGate 200F high-availability (HA) cluster that contains & TPM chip. The exhibit shows output from the FortiGate CLI session where the administrator enabled TPM.Following these actions, the administrator immediately notices that both FortiGate high availability (HA) status and FortiManager status for the FortiGate are negatively impacted.What are the two reasons for this behavior? (Choose two.)
Question17: Refer to the exhibit showing FortiGate configurationsFortiManager VM high availability (HA) is not functioning as expected after being added to an existing deployment.The administrator finds that VRRP HA mode is selected, but primary and secondary roles are greyed out in the GUI The managed devices never show online when FMG-B becomes primary, but they will show online whenever the FMG-A becomes primary.What change will correct HA functionality in this scenario?
Question18: Refer to the exhibit containing the configuration snippets from the FortiGate. Customer requirements:* SSLVPN Portal must be accessible on standard HTTPS port (TCP/443)* Public IP address (129.11.1.100) is assigned to portl* Datacenter.acmecorp.com resolves to the public IP address assigned to portl The customer has a Let's Encrypt certificate that is going to expire soon and it reports that subsequent attempts to renew that certificate are failing.Reviewing the requirement and the exhibit, which configuration change below will resolve this issue?A)B)C)
Question19: You are deploying a FortiExtender (FEX) on a FortiGate-60F. The FEX will be managed by the FortiGate. You anticipate high utilization. The requirement is to minimize the overhead on the device for WAN traffic.Which action achieves the requirement in this scenario?
Question20: Refer to the exhibits.A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.) A)B)
Question21: You are responsible for recommending an adapter type for NICs on a FortiGate VM that will run on an ESXi Hypervisor. Your recommendation must consider performance as the main concern, cost is not a factor. Which adapter type for the NICs will you recommend?
Question22: Refer to the exhibit, which shows a Branch1 configuration and routing table.In the SD-WAN implicit rule, you do not want the traffic load balance for the overlay interface when all members are available.In this scenario, which configuration change will meet this requirement?
Question23: You must configure an environment with dual-homed servers connected to a pair of FortiSwitch units using an MCLAG.Multicast traffic is expected in this environment, and you should ensure unnecessary traffic is pruned from links that do not have a multicast listener.In which two ways must you configure the igmps-f lood-traffic and igmps-flood-report settings? (Choose two.)
Question24: An automation stitch was configured using an incoming webhook as the trigger named 'my_incoming_webhook'. The action is configured to execute the CLI Script shown:
Question25: Refer to the exhibit.A FortiWeb appliance is configured for load balancing web sessions to internal web servers. The Server Pool is configured as shown in the exhibit.How will the sessions be load balanced between server 1 and server 2 during normal operation?