- All Exams Instant Download
Which statement about the exhibit is true?
Refer to the exhibit, which contains the output of a BGP debug command. Which statement about the exhibit is true?A . The local router has received a total of three BGP prefixes from all peers.B . The local router has not established a TCP session with 100.64.3.1.C . Since the...
Which statement about IKE and IKE NAT-T is true?
Which statement about IKE and IKE NAT-T is true?A . IKE is used to encapsulate ESP traffic in some situations, and IKE NAT-T is used only when the local FortiGate is using NAT on the IPsec interface.B . IKE is the standard implementation for IKEv1 and IKE NAT-T is an...
Based on the output, which two statements are correct?
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command. Based on the output, which two statements are correct? (Choose two.)A . The npu_flag for this tunnel is 03.B . Different SPI values are a result of auto-negotiation being disabled for phase 2...
Why is the port2 default route not in the second command's output?
Refer to the exhibit, which contains partial outputs from two routing debug commands. Why is the port2 default route not in the second command's output?A . It has a higher priority value than the default route using port1.B . It is disabled in the FortiGate configuration.C . It has a...
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug: diagnose debug application ike-1 diagnose debug enable In which order is each step and phase displayed in the debug output each...
Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1...
What is the diagnose test application ipsmenitor 5 command used for?
What is the diagnose test application ipsmenitor 5 command used for?A . To enable IPS bypass modeB . To disable the IPS engineC . To restart all IPS engines and monitorsD . To provide information regarding IPS sessionsView AnswerAnswer: A Explanation: # diagnose test application ipsmonitor 5: Toggle bypass status...
Which IP addresses are included in the output of this command?
Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below. Which IP addresses are included in the output of this command?A . Those whose traffic matches a DoS policy.B . Those whose traffic matches an IPS sensor.C . Those whose traffic...
What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?
What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?A . The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.B . The application or URL category is unknown and needs to...
Which one of the following statements about this FortiGate is correct?
View the exhibit, which contains the output of a debug command, and then answer the question below. Which one of the following statements about this FortiGate is correct?A . It is currently in system conserve mode because of high CPU usage.B . It is currently in extreme conserve mode because...
