Q1. - (Topic 15)
Review the IKE debug output for IPsec shown in the exhibit below.
Which statement is correct regarding this output?
A. The output is a phase 1 negotiation.
B. The output is a phase 2 negotiation.
C. The output captures the dead peer detection messages.
D. The output captures the dead gateway detection packets.
Answer: C
Q2. - (Topic 16)
Which statement correctly describes the output of the command diagnose ips anomaly list?
A. Lists the configured DoS policy.
B. Lists the real-time counters for the configured DoS policy.
C. Lists the errors captured when compiling the DoS policy.
D. Lists the IPS signature matches.
Answer: B
Q3. - (Topic 15)
Review the IPsec phase 1 configuration in the exhibit; then answer the question below.
Which statements are correct regarding this configuration? (Choose two.)
A. The remote gateway address is 10.200.3.1.
B. The local IPsec interface address is 10.200.3.1.
C. The local gateway IP is the address assigned to port1.
D. The local gateway IP address is 10.200.3.1.
Answer: A,C
Q4. - (Topic 1)
What capabilities can a FortiGate provide? (Choose three.)
A. Mail relay.
B. Email filtering.
C. Firewall.
D. VPN gateway.
E. Mail server.
Answer: B,C,D
Q5. - (Topic 18)
Bob wants to send Alice a file that is encrypted using public key cryptography.
Which of the following statements is correct regarding the use of public key cryptography in this scenario?
A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
B. Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file.
C. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file.
D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.
Answer: C
Q6. - (Topic 11)
Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it.
Which two statements are correct regarding this output? (Choose two.)
A. There will be six routes in the routing table.
B. There will be seven routes in the routing table.
C. There will be two default routes in the routing table.
D. There will be two routes for the 10.0.2.0/24 subnet in the routing table.
Answer: A,C
Q7. - (Topic 4)
Which statements are true regarding local user authentication? (Choose two.)
A. Two-factor authentication can be enabled on a per-user basis.
B. Local users are for administration accounts only and cannot be used to authenticate network users.
C. Administrators can create the user accounts in a remote server and store the user passwords locally in the FortiGate.
D. Both the usernames and passwords can be stored locally on the FortiGate.
Answer: A,D
Q8. - (Topic 6)
What is IPsec Perfect Forward Secrecy (PFS)?
A. A phase-1 setting that allows the use of symmetric encryption.
B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.
C. A ‘key-agreement’ protocol.
D. A ‘security-association-agreement’ protocol.
Answer: B
Q9. - (Topic 3)
Examine the following CLI configuration:
config system session-ttl
    set default 1800
end
What statement is true about the effect of the above configuration line?
A. Sessions can be idle for no more than 1800 seconds.
B. The maximum length of time a session can be open is 1800 seconds.
C. After 1800 seconds, the end user must re-authenticate.
D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.
Answer: A
Q10. - (Topic 15)
Review the static route configuration for IPsec shown in the exhibit; then answer the question below.
Which statements are correct regarding this configuration? (Choose two.)
A. Interface remote is an IPsec interface.
B. A gateway address is not required because the interface is a point-to-point connection.
C. A gateway address is not required because the default route is used.
D. Interface remote is a zone.
Answer: A,B