Q1. - (Topic 1)
Which of the following statements is correct regarding URL Filtering on the FortiGate unit?
A. The available actions for URL Filtering are Allow and Block.
B. Multiple URL Filter lists can be added to a single Web filter profile.
C. A FortiGuard Web Filtering Override match will override a block action in the URL filter list.
D. The available actions for URL Filtering are Allow, Block and Exempt.
Answer: D
Q2. - (Topic 1)
Which of the following products provides dedicated hardware to analyze log data from multiple FortiGate devices?
A. FortiGate device
B. FortiAnalyzer device
C. FortiClient device
D. FortiManager device
E. FortiMail device
F. FortiBridge device
Answer: B
Q3. - (Topic 3)
An administrator wishes to generate a report showing Top Traffic by service type, but wants to exclude SMTP traffic from the report.
Which of the following statements best describes how to do this?
A. In the Service field of the Data Filter, type 25/smtp and select the NOT checkbox.
B. Add the following entry to the Generic Field section of the Data Filter: service="!smtp".
C. When editing the chart, uncheck mlog to indicate that Mail Filtering data is being excluded when generating the chart.
D. When editing the chart, enter 'dns' in the Exclude Service field.
Answer: A
Q4. - (Topic 2)
Examine the Exhibit shown below; then answer the question following it.
The Vancouver FortiGate unit initially had the following information in its routing table:
S 172.20.0.0/16 [10/0] via 172.21.1.2, port2
C 172.21.0.0/16 is directly connected, port2
C 172.11.11.0/24 is directly connected, port1
Afterwards, the following static route was added:
config router static
edit 6
set dst 172.20.1.0 255.255.255.0
set pririoty 0
set device port1
set gateway 172.11.12.1
next
end
Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?
A. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.
B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1.
C. The priority is 0, which means that the route will remain inactive.
D. The static route configuration is missing the distance setting.
Answer: B
Q5. - (Topic 3)
Which of the following statements is correct about configuring web filtering overrides?
A. The Override option for FortiGuard Web Filtering is available for any user group type.
B. Admin overrides require an administrator to manually allow pending override requests which are listed in the Override Monitor.
C. The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used.
D. Using Web Filtering Overrides requires the use of Firewall Policy Authentication.
Answer: C
Q6. - (Topic 2)
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a
fully-meshed set of IPSec tunnels? (Select all that apply.)
A. Using a hub and spoke topology is required to achieve full redundancy.
B. Using a hub and spoke topology simplifies configuration because fewer tunnels are required.
C. Using a hub and spoke topology provides stronger encryption.
D. The routing at a spoke is simpler, compared to a meshed node.
Answer: B,D
Q7. - (Topic 3)
Which of the following tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Select all that apply.)
A. The web client SSL handshake.
B. The web server SSL handshake.
C. File buffering.
D. Communication with the urlfilter process.
Answer: A,B
Q8. CORRECT TEXT - (Topic 1)
When creating administrative users, the assigned _____________determines user rights on the FortiGate unit.
Answer: access profile
Q9. - (Topic 1)
An administrator configures a FortiGate unit in Transparent mode on the 192.168.11.0 subnet. Automatic Discovery is enabled to detect any available FortiAnalyzers on the network.
Which of the following FortiAnalyzers will be detected? (Select all that apply.)
A. 192.168.11.100
B. 192.168.11.251
C. 192.168.10.100
D. 192.168.10.251
Answer: A,B
Q10. - (Topic 1)
An end user logs into the full-access SSL VPN portal and selects the Tunnel Mode option by clicking on the “Connect” button. The administrator has enabled split tunneling.
Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client’s routing table.
A. A route to destination matching the ‘WIN2K3’ address object.
B. A route to the destination matching the ‘all’ address object.
C. A default route.
D. No route is added.
Answer: A