Which statements about IP-based explicit proxy authentication are true?

Which statements about IP-based explicit proxy authentication are true?

(Choose two.)

Response:
A . IP-based authentication is best suited to authenticating users behind a NAT device.
B . Sessions from the same source address are treated as a single user.
C . IP-based authentication consumes less FortiGate’s memory than session-based authentication.
D . FortiGate remembers authenticated sessions using browser cookies.

Answer: BC

Which statements about the firmware upgrade process on an active-active high availability (HA) cluster are true?

Which statements about the firmware upgrade process on an active-active high availability (HA) cluster are true?

(Choose two.)

Response:
A . The firmware image must be manually uploaded to each FortiGate.
B . Only secondary FortiGate devices are rebooted.
C . Uninterruptable upgrade is enabled by default.
D . Traffic load balancing is temporally disabled while upgrading the firmware.

Answer: BD

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?

Response:
A . Disabling split tunneling
B . Configuring web bookmarks
C . Assigning public IP addresses to SSL VPN clients
D . Using web-only mode

Answer: A

Which statements correctly describe transparent mode operation?

Which statements correctly describe transparent mode operation?

(Choose three.)

Response:
A . All interfaces of the transparent mode FortiGate device must be on different IP subnets.
B . The transparent FortiGate is visible to network hosts in an IP traceroute.
C . It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
D . Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
E . The FortiGate acts as transparent bridge and forwards traffic at Layer-2.

Answer: CDE