- All Exams Instant Download
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?
Refer to the exhibit. Exhibit A. Exhibit B. The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10 .0.1.254. /24. The first firewall policy has NAT enabled using...
What are the two results of this configuration?
An administrator has configured the following settings: What are the two results of this configuration? (Choose two.)A . Device detection on all interfaces is enforced for 30 minutes.B . Denied users are blocked for 30 minutes.C . A session for denied traffic is created.D . The number of logs generated...
Which timeout option should be configured on FortiGate?
An administrator wants to configure timeouts for users. Regardless of the user™s behavior, the timer should start as soon as the user authenticates and expire after the configured value. Which timeout option should be configured on FortiGate?A . auth-on-demandB . soft-timeoutC . idle-timeoutD . new-sessionE . hard-timeoutView AnswerAnswer: E Explanation:...
Which statement is true about the strict RPF check?
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?A . The strict RPF check is run on the first sent and reply packet of any new session.B . Strict RPF checks the best route back to the source using the...
Which statement about the policy ID number of a firewall policy is true?
Which statement about the policy ID number of a firewall policy is true?A . It is required to modify a firewall policy using the CLC . It represents the number of objects used in the firewall policy.D . It changes when firewall policies are reordered.E . It defines the order...
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?A . Antivirus engineB . Intrusion prevention system engineC . Flow engineD . Detection engineView AnswerAnswer: B Explanation: Reference: http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application-control
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)A . The client FortiGate requires a client certificate signed by the CA on the server FortiGate.B . The client FortiGate requires a manually added route to remote subnets.C . The client FortiGate uses the SSL VPN...
Which two statements about antivirus scanning mode are true? (Choose two.)
Which two statements about antivirus scanning mode are true? (Choose two.)A . In proxy-based inspection mode, files bigger than the buffer size are scanned.B . In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.C . In proxy-based inspection mode, antivirus scanning buffers the...
Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?A . To allow for out-of-order packets that could arrive after the FIN/ACK packetsB . To finish any inspection operationsC . To remove the NAT operationD ....
Which statement about video filtering on FortiGate is true?
Which statement about video filtering on FortiGate is true?A . Full SSL Inspection is not required.B . It is available only on a proxy-based firewall policy.C . It inspects video files hosted on file sharing services.D . Video filtering FortiGuard categories are based on web filter FortiGuard categories.View AnswerAnswer: B...
