Q1. - (Topic 1)
The FortiGate unit can be configured to allow authentication to a RADIUS server. The RADIUS server can use several different authentication protocols during the authentication process.
Which of the following are valid authentication protocols that can be used when a user authenticates to the RADIUS server? (Select all that apply.)
A. MS-CHAP-V2 (Microsoft Challenge-Handshake Authentication Protocol v2)
B. PAP (Password Authentication Protocol)
C. CHAP (Challenge-Handshake Authentication Protocol)
D. MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol v1)
E. FAP (FortiGate Authentication Protocol)
Answer: A,B,C,D
Q2. - (Topic 3)
Which of the following cannot be used in conjunction with the endpoint compliance check?
A. HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.
B. Any form of firewall policy authentication.
C. WAN optimization.
D. Traffic shaping.
Answer: A
Q3. - (Topic 2)
In HA, the option Reserve Management Port for Cluster Member is selected as shown in the Exhibit below.
Which of the following statements are correct regarding this setting? (Select all that apply.)
A. Interface settings on port7 will not be synchronized with other cluster members.
B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.
C. Port7 appears in the routing table.
D. A gateway address may be configured for port7.
E. When connecting to port7 you always connect to the master device.
Answer: A,D
Q4. - (Topic 1)
Which email filter is NOT available on a FortiGate device?
A. Sender IP reputation database.
B. URLs included in the body of known SPAM messages.
C. Email addresses included in the body of known SPAM messages.
D. Spam object checksums.
E. Spam grey listing.
Answer: E
Q5. - (Topic 1)
Which of the following methods can be used to access the CLI? (Select all that apply.) A. By using a direct connection to a serial console.
B. By using the CLI console window in Web Config.
C. By using an SSH connection.
D. By using a Telnet connection.
Answer: A,B,C,D
Q6. - (Topic 3)
Which of the following describes the best custom signature for detecting the use of the word "Fortinet" in chat applications?
A. The sample packet trace illustrated in the exhibit provides details on the packet that requires detection. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --no_case; )
B. F-SBID( --protocol tcp; --flow from_client; --pattern "fortinet"; --no_case; )
C. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --within 20; --no_case; )
D. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --within 20; )
Answer: A
Q7. - (Topic 1)
Which of the statements below are true regarding firewall policy disclaimers? (Select all that apply.)
A. User must accept the disclaimer to proceed with the authentication process.
B. The disclaimer page is customizable.
C. The disclaimer cannot be used in combination with user authentication.
D. The disclaimer can only be applied to wireless interfaces.
Answer: A,B
Q8. - (Topic 1)
An end user logs into the SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has not enabled split tunneling and so the end user must access the Internet through the SSL VPN Tunnel.
Which firewall policies are needed to allow the end user to not only access the internal network but also reach the Internet?
A)
B)
C)
D)
A. Exhibit A
B. Exhibit B
C. Exhibit C
D. Exhibit D
Answer: A
Q9. - (Topic 2)
For Data Leak Prevention, which of the following describes the difference between the block and quarantine actions?
A. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol.
B. A block action prevents the transaction. A quarantine action archives the data.
C. A block action has a finite duration. A quarantine action must be removed by an administrator.
D. A block action is used for known users. A quarantine action is used for unknown users.
Answer: A
Q10. - (Topic 1)
When creating administrative users which of the following configuration objects determines access rights on the FortiGate unit.
A. profile
B. allowaccess interface settings
C. operation mode
D. local-in policy
Answer: A