- All Exams Instant Download
Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?
Refer to exhibit. An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page. Based on the exhibit, which configuration change can the...
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?A . The IPS engine was inspecting high volume of traffic.B . The IPS engine...
What setting on the collector agent is required to achieve this?
An administrator does not want to report the login events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?A . Add the support of NTLM authenticationB . Add user accounts to the FortiGate group filterC . Add user accounts to Active Directory (AD)D...
Which part of the policy configuration must you change to resolve the issue?
Refer to the exhibits. The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook. Users are given access to the Facebook web application. They can play video content hosted on Facebook, but they are unable to leave reactions on videos or other...
What must the administrator do to synchronize the address object?
Refer to the exhibits. An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW). What must the administrator do to synchronize the address object?A . Change the csf setting on ISFW (downstream)...
Which three methods are used by the collector agent for AD polling? (Choose three.)
Which three methods are used by the collector agent for AD polling? (Choose three.) A. WMI B. Novell API C. WinSecLog D. NetAPI E. FortiGate pollingView AnswerAnswer: A,C,D Explanation: The correct options for the methods used by the collector agent for AD polling are: A. WMI (Windows Management Instrumentation) WMI...
Which two types of traffic are managed only by the management VDOM? (Choose two.)
Which two types of traffic are managed only by the management VDOM? (Choose two.)A . FortiGuard web filter queriesB . PKIC . Traffic shapingD . DNSView AnswerAnswer: A,D Explanation: "NTP, FortiGuard updated/queries, SNMP, DNS Filtering, Log settings and other mgmt related services". B is wrong because PKI stands for Public...
What is the most likely reason for this situation?
Refer to the exhibit. FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt. What is the most likely reason for this situation?A . No matching user account exists for this user.B . The user is using a...
Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?
Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?A . FG-traffic VDOMB . Root VDOMC . Customer VDOMD . Global VDOMView AnswerAnswer: B Explanation: If you enable split-task VDOM mode on the upstream FGT device, it can allow downstream...
Which subnet must the administrator configure for the local quick mode selector for site B?
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24. Which subnet must the administrator...
