- All Exams Instant Download
Which two key configuration changes must the administrator make on FortiGate to meet the requirements?
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In...
What interface must be used as the source for the firewall policy that will allow this traffic?
An administrator needs to create a tunnel mode SSL-VPN to access an internal web server from the Internet. The web server is connected to port1. The Internet is connected to port2. Both interfaces belong to the VDOM named Corporation. What interface must be used as the source for the firewall...
Which statement about traffic flow in an active-active HA cluster is true?
Which statement about traffic flow in an active-active HA cluster is true? A. The SYN packet from the client always arrives at the primary device first. B. The secondary device responds to the primary device with a SYN/ACK, and then the primary device forwards the SYN/ACK to the client. C....
If the Services field is configured in a Virtual IP (VIP), which of the following statements is true when central NAT is used?
If the Services field is configured in a Virtual IP (VIP), which of the following statements is true when central NAT is used?A . The Services field removes the requirement of creating multiple VIPs for different services.B . The Services field is used when several VIPs need to be bundled...
Which two IP pool types are useful for carrier-grade NAT deployments? (Choose two.)
Which two IP pool types are useful for carrier-grade NAT deployments? (Choose two.) A. Port block allocation B. Fixed port range C. One-to-one D. OverloadView AnswerAnswer: A,B Explanation: The two IP pool types that are useful for carrier-grade NAT (CGNAT) deployments are: A. Port block allocation B. Fixed port range...
Based on the configuration, what will happen to Apple FaceTime?
Refer to the exhibit to view the application control profile. Based on the configuration, what will happen to Apple FaceTime?A . Apple FaceTime will be allowed, based on the Apple filter configuration.B . Apple FaceTime will be allowed, based on the Categories configuration.C . Apple FaceTime will be blocked, based...
Which two statements are true?
Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)A . FortiGate SN FGVM010000065036 HA uptime has been reset.B . FortiGate devices are not in sync because one device is down.C . FortiGate SN FGVM010000064692...
Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers?
Refer to the exhibit. An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.) A. The Detection Mode setting is not set to Passive. B. Administrator didn't configure a gateway for the...
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.) A. FG-traffic B. Mgmt C. FG-Mgmt D. RootView AnswerAnswer: A,D Explanation: Root VDOM is created by default when VDOMs are enabled. configure on Fortigate: - captive portal authentication required - Authentication...
Which item can be selected in the firewall policy Destination field?
An administrator has configured central DNAT and virtual IPs. Which item can be selected in the firewall policy Destination field?A . An IP poolB . A VIP objectC . A VIP groupD . The mapped IP address object of the VIP objectView AnswerAnswer: D Explanation: - when central NAT is...
