Q1. - (Topic 1)
By default the Intrusion Protection System (IPS) on a FortiGate unit is set to perform which action?
A. Block all network attacks.
B. Block the most common network attacks.
C. Allow all traffic.
D. Allow and log all traffic.
Answer: C
Q2. - (Topic 1)
Users may require access to a web site that is blocked by a policy. Administrators can give
users the ability to override the block. Which of the following statements regarding overrides is NOT correct?
A. A web filter profile may only have one user group defined as an override group.
B. A firewall user group can be used to provide override privileges for FortiGuard Web Filtering.
C. When requesting an override, the matched user must belong to a user group for which the override capabilty has been enabled.
D. Overrides can be allowed by the administrator for a specific period of time.
Answer: A
Q3. - (Topic 1)
When firewall policy authentication is enabled, only traffic on supported protocols will trigger an authentication challenge.
Select all supported protocols from the following:
A. SMTP
B. SSH
C. HTTP
D. FTP
E. SCP
Answer: C,D
Q4. - (Topic 2)
Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it.
Which one of the following statements is correct regarding this output?
A. OSPF Hello packets will only be sent on interfaces configured with the IP addresses
172.16.1.1 and 172.16.1.2.
B. OSPF Hello packets will be sent on all interfaces of the FortiGate device.
C. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.
D. OSPF Hello packets are not sent on point-to-point networks.
Answer: C
Q5. - (Topic 3)
When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit.
Which of the following statements is correct regarding this entry?
A. The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule.
B. The entry displays a ban that was triggered by HTTP traffic matching an IPS signature.
This client is banned from receiving or sending any traffic through the FortiGate.
C. The entry displays a quarantine, which could have been added by either IPS or DLP.
D. This entry displays a ban entry that was added manually by the administrator on June11th.
Answer: A
Q6. - (Topic 3)
Which of the following DLP actions will override any other action?
A. Exempt
B. Quarantine Interface
C. Block
D. None
Answer: A
Q7. - (Topic 3)
Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?
A. The FortiGate unit receives periodic "Here I am" messages from the web cache.
B. The FortiGate unit polls all globally-defined web cache servers at a regular intervals.
C. The FortiGate using uses the health check monitor to verify the availability of a web cache server.
D. The web cache sends an "I see you" message which is captured by the FortiGate unit.
Answer: C
Q8. - (Topic 1)
The FortiGate Web Config provides a link to update the firmware in the System > Status window. Clicking this link will perform which of the following actions?
A. It will connect to the Fortinet support site where the appropriate firmware version can be selected.
B. It will send a request to the FortiGuard Distribution Network so that the appropriate firmware version can be pushed down to the FortiGate unit.
C. It will present a prompt to allow browsing to the location of the firmware file.
D. It will automatically connect to the Fortinet support site to download the most recent firmware version for the FortiGate unit.
Answer: C
Q9. - (Topic 2)
Review the IKE debug output for IPsec shown in the Exhibit below.
Which one of the following statements is correct regarding this output?
A. The output is a Phase 1 negotiation.
B. The output is a Phase 2 negotiation.
C. The output captures the Dead Peer Detection messages.
D. The output captures the Dead Gateway Detection packets.
Answer: C
Q10. - (Topic 3)
Which of the following DLP actions will always be performed if it is selected?
A. Archive
B. Quarantine Interface
C. Ban Sender
D. Block
E. None
F. Ban
G. Quarantine IP Address
Answer: A