Under which circumstance is the IPsec ESP traffic encapsulated over UDP?

Under which circumstance is the IPsec ESP traffic encapsulated over UDP? Response:A . When using IKE version 2 (IKEv2)B . When the phase 1 is configured to use aggressive modeC . When the IPsec VPN is configured as dial-upD . When NAT-T detects there is a device between both IPsec...

March 19, 2019 No Comments READ MORE +

Which of the following configuration settings are global settings?

Which of the following configuration settings are global settings? (Choose two.) Response:A . FortiGuard settingsB . HA settingsC . Firewall policiesD . Security profilesView AnswerAnswer: AB

March 16, 2019 No Comments READ MORE +

Which statements about IP-based explicit proxy authentication are true?

Which statements about IP-based explicit proxy authentication are true? (Choose two.) Response:A . IP-based authentication is best suited to authenticating users behind a NAT device.B . Sessions from the same source address are treated as a single user.C . IP-based authentication consumes less FortiGate’s memory than session-based authentication.D . FortiGate...

March 13, 2019 No Comments READ MORE +

When does the FortiGate enter into fail-open session mode?

When does the FortiGate enter into fail-open session mode? Response:A . When CPU usage goes above the red threshold.B . When a proxy (for proxy-based inspection) runs out of connections.C . When memory usage goes above the red threshold.D . When memory usage goes above the extreme threshold.View AnswerAnswer: B

March 3, 2019 No Comments READ MORE +

Which statement about the HA override setting in FortiGate HA clusters is true?

Which statement about the HA override setting in FortiGate HA clusters is true? Response:A . Configuring the HA override will reboot the FortiGate device.B . It synchronizes device priority on all cluster members.C . It is used to enable monitored ports.D . You must configure override settings manually and separately...

March 1, 2019 No Comments READ MORE +

Which file names will match the *.tiff file name pattern configured in a DLP filter?

Which file names will match the *.tiff file name pattern configured in a DLP filter? (Choose two.) Response:A . tiff.jpegB . tiff.tiffC . gif.tiffD . tiff.pngView AnswerAnswer: BC

February 23, 2019 No Comments READ MORE +

Which statements about the firmware upgrade process on an active-active high availability (HA) cluster are true?

Which statements about the firmware upgrade process on an active-active high availability (HA) cluster are true? (Choose two.) Response:A . The firmware image must be manually uploaded to each FortiGate.B . Only secondary FortiGate devices are rebooted.C . Uninterruptable upgrade is enabled by default.D . Traffic load balancing is temporally...

February 17, 2019 No Comments READ MORE +

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved? Response:A . Disabling split tunnelingB . Configuring web bookmarksC . Assigning public IP addresses to SSL VPN clientsD . Using web-only modeView AnswerAnswer: A

February 9, 2019 No Comments READ MORE +

Which of the following actions are available under the System Information widget for system configuration?

Which of the following actions are available under the System Information widget for system configuration? (Choose two.) Response:A . BackupB . UploadC . CheckpointD . Configuration RecoveryE . RestoreView AnswerAnswer: AB

January 30, 2019 No Comments READ MORE +

Which statements correctly describe transparent mode operation?

Which statements correctly describe transparent mode operation? (Choose three.) Response:A . All interfaces of the transparent mode FortiGate device must be on different IP subnets.B . The transparent FortiGate is visible to network hosts in an IP traceroute.C . It permits inline traffic inspection and firewalling without changing the IP...

January 25, 2019 No Comments READ MORE +