Q1. - (Topic 3)
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?
A. Packet encryption
B. MIB-based report uploads
C. SNMP access limits through access lists
D. Running SNMP service on a non-standard port is possible
Answer: A
Q2. - (Topic 3)
A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.
Which of the following statements are correct regarding these VDOMs? (Select all that apply.)
A. The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes.
B. The FortiGate unit must be a model 1000 or above to support multiple VDOMs.
C. A license had to be purchased and applied to the FortiGate unit before VDOM mode could be enabled.
D. All VDOMs must operate in the same mode.
E. Changing a VDOM operational mode requires a reboot of the FortiGate unit.
F. An admin account can be assigned to one VDOM or it can have access to all three VDOMs.
Answer: A,F
Q3. - (Topic 1)
In which order are firewall policies processed on the FortiGate unit?
A. They are processed from the top down as they appear in Web Config.
B. They are processed based on the policy ID number shown in the left hand column of the policy window.
C. They are processed using a policy hierarchy scheme that allows for multiple decision branching.
D. They are processed based on a priority value assigned through the priority column in the policy window.
Answer: A
Q4. - (Topic 1)
Which of the following pieces of information can be included in the Destination Address field of a firewall policy? (Select all that apply.)
A. An IP address pool.
B. A virtual IP address.
C. An actual IP address or an IP address group.
D. An FQDN or Geographic value(s).
Answer: B,C,D
Q5. - (Topic 2)
Examine the exhibit shown below then answer the question that follows it.
Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:
A. FortiGate unit’s encryption certificate used by the SSL proxy.
B. FortiGate unit’s signing certificate used by the SSL proxy.
C. FortiGuard’s signing certificate used by the SSL proxy.
D. FortiGuard’s encryption certificate used by the SSL proxy.
Answer: A
Q6. - (Topic 1)
Which of the following statements are true of the FortiGate unit’s factory default configuration?
A. ‘Port1’ or ‘Internal’ interface will have an IP of 192.168.1.99.
B. ‘Port1’ or ‘Internal’ interface will have a DHCP server set up and enabled (on devices that support DHCP Servers).
C. Default login will always be the username: admin (all lowercase) and no password.
D. The implicit firewall action is ACCEPT.
Answer: A,B,C
Q7. - (Topic 1)
Which of the following items does NOT support the.Logging feature?
A. File Filter
B. Application control
C. Session timeouts
D. Administrator activities
E. Web URL filtering
Answer: C
Q8. - (Topic 2)
Identify the statement which correctly describes the output of the following command: diagnose ips anomaly list
A. Lists the configured DoS policy.
B. List the real-time counters for the configured DoS policy.
C. Lists the errors captured when compiling the DoS policy.
Answer: B
Q9. - (Topic 1)
A FortiGate unit can create a secure connection to a client using SSL VPN in tunnel mode.
Which of the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.)
A. Split tunneling can be enabled when using tunnel mode SSL VPN.
B. Software must be downloaded to the web client to be able to use a tunnel mode SSL VPN.
C. Users attempting to create a tunnel mode SSL VPN connection must be members of a configured user group on the FortiGate unit.
D. Tunnel mode SSL VPN requires the FortiClient software to be installed on the user's computer.
E. The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit.
Answer: A,B,C,E
Q10. - (Topic 2)
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)
A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. VDOMs share firmware versions, as well as antivirus and IPS databases.
D. Only administrative users with a 'super_admin' profile will be able to enter multiple VDOMs to make configuration changes.
Answer: A,B,C