Summer Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Login / Register

Question # 4

You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer traffic on known ports is passing through the FortiGate without being blocked.

What FortiGate settings should you check to resolve this issue?

A.

FortiGuard category ratings

B.

Application and Filter Overrides

C.

Network Protocol Enforcement

D.

Replacement Messages for UDP-based Applications

Full Access
Question # 5

An administrator suspects that the Collector Agent is not forwarding login events to FortiGate.

What is the most effective troubleshooting step?

A.

Verify if DC agent is enabled on the FortiGate.

B.

Restart the domain controller to refresh authentication services.

C.

Verify if FortiGate is set to use LDAP authentication instead of FSSO.

D.

Check if TCP port 8000 is open between the collector agent and FortiGate.

Full Access
Question # 6

When configuring a FortiGate in a multi-WAN setup, why would an administrator enable session preservation on an interface?

A.

To allow the FortiGate to dynamically change interfaces for all active sessions when a WAN link fails

B.

To make sure all sessions without source NAT enabled always use the primary WAN link

C.

To improve security by forcing users to authenticate again when the WAN link changes

D.

To ensure that existing SSL VPN connections remain on the same interface even if route changes occur

Full Access
Question # 7

Refer to the exhibit.

The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.

For which two reasons are these web categories exempted? (Choose two.)

A.

The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

B.

These websites are in an allowlist of reputable domain names maintained by FortiGuard.

C.

The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

D.

The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Full Access
Question # 8

A network administrator is reviewing firewall policies in both Interface Pair View and By Sequence View. The policies appear in a different order in each view.

Why is the policy order different in these two views?

A.

Policies in Interface Pair View are prioritized by security levels, while By Sequence View strictly follows the administrator’s manual ordering.

B.

By Sequence View groups policies based on rule priority, while Interface Pair View always follows the order of traffic logs.

C.

The firewall dynamically reorders policies in Interface Pair View based on recent traffic patterns, but By Sequence View remains static.

D.

Interface Pair View sorts policies based on matching interfaces, while By Sequence View shows the actual processing order of rules.

Full Access
Question # 9

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.

When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.

The administrator confirms that the traffic matches the configured firewall policy.

What are two reasons for the failed virus detection by FortiGate? (Choose two.)

A.

The selected SSL inspection profile has certificate inspection enabled.

B.

The website is exempted from SSL inspection.

C.

The El CAR test file exceeds the protocol options oversize limit.

D.

The browser does not trust the FortiGate self-signed CA certificate.

Full Access
Question # 10

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

A.

On BR1-FGT, set Seconds to 43200.

B.

On HQ-NGFW, enable Diffie-Hellman Group 2.

C.

On BR1-FGT, set Remote Address to 10.0.11.0/255.255.255.0

D.

On HQ-NGFW. set Encryption to AES256

Full Access
Question # 11

Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)

A.

If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based.

B.

If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP.

C.

If SD-WAN is disabled, you configure the load balancing algorithm in config system settings.

D.

If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode.

Full Access
Question # 12

Refer to the exhibit, which shows a partial configuration from the remote authentication server.

Why does the FortiGate administrator need this configuration?

A.

To set up a RADIUS server Secret.

B.

To authenticate Any FortiGate user groups.

C.

To authenticate and match the Training OU on the RADIUS server.

D.

To authenticate only the Training user group.

Full Access
Question # 13

You have configured the FortiGate device for FSSO. A user is successful in log-in to windows, but their access to the internet is denied.

What should the administrator check first?

A.

Whether the user is assigned to the correct AD group.

B.

The FortiGate firewall policy settings for SSL decryption.

C.

The FortiGate FSSO active users list for user’s IP address.

D.

The windows event viewer for failed login attempts.

Full Access