NSE5 Exam - Fortinet Network Security Expert 5 Written Exam (500)

Q1. - (Topic 2) 

Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. 

config router static
    edit 1
        set dst 172.20.168.0 255.255.255.0
        set distance 20
        set priority 10
        set device port1
    next
    edit 2
        set dst 172.20.168.0 255.255.255.0
        set distance 20
        set priority 20
        set device port2
    next
end

Which of the following statements correctly describes the static routing configuration provided above? 

A. The FortiGate unit will evenly share the traffic to 172.20.168.0/24 through both routes. 

B. The FortiGate unit will share the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic. 

C. The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1. 

D. Only the route that is using port1 will show up in the routing table. 

Answer:

Q2. - (Topic 2) 

Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it. 

Which of the following statements are correct regarding this configuration? (Select all that apply). 

A. The Phase 2 will re-key even if there is no traffic. 

B. There will be a DH exchange for each re-key. 

C. The sequence number of ESP packets received from the peer will not be checked. 

D. Quick mode selectors will default to those used in the firewall policy. 

Answer: A,B 

Q3. CORRECT TEXT - (Topic 1) 

The __________ CLI command is used on the FortiGate unit to run static commands such as ping or to reset the FortiGate unit to factory defaults.

Answer: execute 

Q4. - (Topic 1) 

Which of the following methods can be used to access the CLI? (Select all that apply.) 

A. By using a direct connection to a serial console. 

B. By using the CLI console window in the GUI. 

C. By using an SSH connection. 

D. By using a Telnet connection. 

Answer: A,B,C,D 

Q5. - (Topic 2) 

Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below. 

Which of the following statements are correct regarding this output? (Select all that apply.) 

A. The connecting client has been allocated address 172.20.1.1. 

B. In the Phase 1 settings, dead peer detection is enabled. 

C. The tunnel is idle. 

D. The connecting client has been allocated address 10.200.3.1. 

Answer: A,B 

Q6. - (Topic 1) 

You wish to create a firewall policy that applies only to traffic intended for your web server. The server has an IP address of 192.168.2.2 and belongs to a class C subnet. When defining the firewall address for use in this policy, which one of the following addressing formats is correct? 

A. 192.168.2.0 / 255.255.255.0 

B. 192.168.2.2 / 255.255.255.0 

C. 192.168.2.0 / 255.255.255.255 

D. 192.168.2.2 / 255.255.255.255 

Answer:

Q7. - (Topic 1) 

Which of the following statements correctly describes how a push update from the FortiGuard Distribution Network (FDN) works? 

A. The FDN sends push updates only once. 

B. The FDN sends package updates automatically to the FortiGate unit without requiring an update request. 

C. The FDN continues to send push updates until the FortiGate unit sends an acknowledgement. 

D. The FDN sends a message to the FortiGate unit that there is an update available and that the FortiGate unit should download the update. 

Answer:

Q8. - (Topic 1) 

Because changing the operational mode to Transparent resets the device (or VDOM) to all defaults, which precautions should an administrator take prior to performing this? (Select all that apply.)

A. Back up the configuration.

B. Disconnect redundant cables to ensure the topology will not contain layer 2 loops. 

C. Set the unit to factory defaults. 

D. Update IPS and AV files. 

Answer: A,B 

Q9. - (Topic 1) 

Which of the following statements is correct regarding URL Filtering on the FortiGate unit? 

A. The FortiGate unit can filter URLs based on patterns using text and regular expressions. 

B. The available actions for URL Filtering are Allow and Block. 

C. Multiple URL Filter lists can be added to a single Web filter profile. 

D. A FortiGuard Web Filtering Override match will override a block action in the URL filter list. 

Answer:

Q10. - (Topic 3) 

What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.) 

A. Using a hub and spoke topology is required to achieve full redundancy. 

B. Using a hub and spoke topology simplifies configuration. 

C. Using a hub and spoke topology provides stronger encryption. 

D. Using a hub and spoke topology reduces the number of tunnels. 

Answer: B,D