An administrator has configured the following settings config system settings set ses-denied-traffic enable end config system global set block-session-timer 30 end What does the configuration do? (Choose two)A . Reduces the amount of logs generated by denied trafficB . Enforces device detection on all interfaces for 30 minutesC . Blocks denied users for 30...Continue reading
NGFW mode allows policy-based configuration for most inspection rules. Which security profile’s configuration does not change when you enable policy-based inspection?A . Web filteringB . AntivirusC . Web proxyD . Application control View Answer Answer: B...
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?A . It must be configured in a static route using the sdwan virtual interface.B . It must be provided in the SD-WAN member interface configuration.C . It must be configured in a...Continue reading
Why is the administrator getting the error shown in the exhibit? A . The administrator must first enter the command edit globalB . The administrator admin does not have the privileges required to configure global settings.C . The global settings cannot be configured from the root VDOM context.D . The command config system global...Continue reading
By default, when logging to disk, when does FortiGate delete logs?A . 30 daysB . 1 yearC . NeverD . 7 days View Answer Answer: D...
What are the expected actions if traffic matches this IPS sensor? (Choose two) A . The sensor will gather a packet log for all matched trafficB . The sensor will not block attackers matching the A32C . Botnet signatureD . The sensor will block all attacks for Windows ServersE . The sensor will reset...Continue reading
Which one of the following processes is involved in updating IPS from FortiGuard?A . FortiGate IPS update requests are sent using UDP port 443.B . Protocol decoder update requests are sent to service. fortiguard.net.C . IPS signature update requests are sent to update fortiguard.net.D . IPS engine updates can only be obtained using push...Continue reading
An administrator wants to configure a FortiGate as a DNS server. FotiGate must use a DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS methods must you use?A . RecursiveB . Non-recursiveC . Forward to primary and secondary DNSD . Forward to system DNS...Continue reading
A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups. What is required in the SSL VPN configuration to meet these requirements?A . Different SSL VPN realms for each groupB . Two separate...Continue reading
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)A . The interface has been configured for one-arm snifferB . The interface is a member of a virtual wire pairC . The operation mode is transparent.D . The interface is a...Continue reading