Q1. - (Topic 3)
Which of the following must be configured on a FortiGate unit to redirect content requests to remote web cache servers?
A. WCCP must be enabled on the interface facing the Web cache.
B. You must enabled explicit Web-proxy on the incoming interface.
C. WCCP must be enabled as a global setting on the FortiGate unit.
D. WCCP must be enabled on all interfaces on the FortiGate unit through which HTTP traffic is passing.
Answer: A
Q2. - (Topic 1)
Two-factor authentication is supported using the following methods? (Select all that apply.)
A. FortiToken
B. Email
C. SMS phone message
D. Code books
Answer: A,B,C
Q3. - (Topic 1)
A FortiGate unit can provide which of the following capabilities? (Select all that apply.)
A. Email filtering
B. Firewall
C. VPN gateway
D. Mail relay
E. Mail server
Answer: A,B,C
Q4. - (Topic 3)
Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?
A. TCP connection
B. File attachments
C. Message headers
D. Message body
Answer: A
Q5. - (Topic 2)
FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.
Which of the following statements are correct regarding FSSO in a Windows domain environment when NTLM and Polling Mode are not used? (Select all that apply.)
A. An FSSO Collector Agent must be installed on every domain controller.
B. An FSSO Domain Controller Agent must be installed on every domain controller.
C. The FSSO Domain Controller Agent will regularly update user logon information on the FortiGate unit.
D. The FSSO Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
E. For non-domain computers, the only way to allow FSSO authentication is to install an FSSO client.
Answer: B,D
Q6. - (Topic 1)
A FortiGate 100 unit is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. Which of the following statements are possible reasons for this? (Select all that apply.)
A. The external facing interface of the FortiGate unit is configured to use DHCP.
B. The FortiGate unit has not been registered.
C. There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network.
D. The FortiGate unit is in Transparent mode.
Answer: A,B,C
Q7. - (Topic 2)
Review the static route configuration for IPsec shown in the Exhibit below; then answer the question following it.
Which of the following statements are correct regarding this configuration? (Select all that apply).
A. Remote_1 is a Phase 1 object with interface mode enabled
B. The gateway address is not required because the interface is a point-to-point connection
C. The gateway address is not required because the default route is used
D. Remote_1 is a firewall zone
Answer: A,B
Q8. - (Topic 2)
Shown below is a section of output from the debug command diag ip arp list.
index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1
In the output provided, which of the following best describes the IP address 172.20.187.150?
A. It is the primary IP address of the port1 interface.
B. It is one of the secondary IP addresses of the port1 interface.
C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface.
Answer: C
Q9. - (Topic 2)
How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)
A. File TypE. Microsoft Office(msoffice)
B. File TypE. Archive(zip)
C. File TypE. Unknown Filetype(unknown)
D. File NamE. "*.ppt", "*.doc", "*.xls"
E. File NamE. "*.pptx", "*.docx", "*.xlsx"
Answer: B,E
Q10. - (Topic 2)
Select the answer that describes what the CLI command diag debug authd fsso list is used for.
A. Monitors communications between the FSSO Collector Agent and FortiGate unit.
B. Displays which users are currently logged on using FSSO.
C. Displays a listing of all connected FSSO Collector Agents.
D. Lists all DC Agents installed on all Domain Controllers.
Answer: B