Q1. - (Topic 1)
Which statement is correct regarding virus scanning on a FortiGate unit?
A. Virus scanning is enabled by default.
B. Fortinet Customer Support enables virus scanning remotely for you.
C. Virus scanning must be enabled in a UTM security profile and the UTM security profile must be assigned to a firewall policy.
D. Enabling virus scanning in a UTM security profile enables virus scanning for all traffic flowing through the FortiGate device.
Answer: C
Q2. - (Topic 3)
An administrator logs into a FortiGate unit using an account which has been assigned a super_admin profile. Which of the following operations can this administrator perform?
A. They can delete logged-in users who are also assigned the super_admin access profile.
B. They can make changes to the super_admin profile.
C. They can delete the admin account if the default admin user is not logged in.
D. They can view all the system configuration settings but cannot make changes.
E. They can access configuration options for only the VDOMs to which they have been assigned.
Answer: C
Q3. - (Topic 2)
Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)
A. They both create separate broadcast domains.
B. Port Pairing works only for physical interfaces.
C. Forwarding Domains only apply to virtual interfaces.
D. They may contain physical and/or virtual interfaces.
E. They are only available in high-end models.
Answer: A,D
Q4. - (Topic 1)
Which of the following statements are true regarding Local User Authentication? (Select all that apply.)
A. Local user authentication is based on usernames and passwords stored locally on the FortiGate unit.
B. Two-factor authentication can be enabled on a per-user basis.
C. Administrators can create an account for the user locally and specify the remote server to verify the password.
D. Local users are for administration accounts only and cannot be used for identity policies.
Answer: A,B,C
Q5. - (Topic 2)
Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit.
Which of the following statements is correct regarding this output? (Select one answer.)
A. One tunnel is rekeying.
B. Two tunnels are rekeying.
C. Two tunnels are up.
D. One tunnel is up.
Answer: C
Q6. - (Topic 3)
An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings.
Which of the following statements are correct regarding the IPSec VPN configuration?
A. To complete the VPN configuration, the administrator must manually create a virtual IPSec interface in Web Config under System > Network.
B. The virtual IPSec interface is automatically created after the phase 1 configuration.
C. The IPSec policies must be placed at the top of the list.
D. This VPN cannot be used as part of a hub and spoke topology.
E. Routes were automatically created based on the address objects in the firewall policies.
Answer: B
Q7. - (Topic 1)
UTM features can be applied to which of the following items?
A. Firewall policies
B. User groups
C. Policy routes
D. Address groups
Answer: A
Q8. - (Topic 3)
If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be announced by Border Gateway Protocol (BGP)?
A. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Autonomous System Boundary Router (ASBR).
B. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Area Border Router (ABR).
C. At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings.
D. The BGP local AS number must be the same as the OSPF area number of the routes learned that need to be redistributed into BGP.
E. By design, BGP cannot redistribute routes learned through OSPF.
Answer: C
Q9. - (Topic 3)
An administrator has formed a High Availability cluster involving two FortiGate 310B units.
[Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ]
The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.
Which of the following options describes the best step the administrator can take?
The administrator should...
A. set up a full-mesh design which uses redundant interfaces.
B. increase the number of FortiGate units in the cluster and configure HA in Active-Active mode.
C. enable monitoring of all active interfaces.
D. configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.
Answer: A
Q10. - (Topic 1)
Which of the following statements describes the method of creating a policy to block access to an FTP site?
A. Enable Web Filter URL blocking and add the URL of the FTP site to the URL Block list.
B. Create a firewall policy with destination address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny.
C. Create a firewall policy with a protection profile containing the Block FTP option enabled.
D. None of the above.
Answer: B