Question # 4

Which two statements about SD-WAN central management are true? (Choose two.)

A. It does not allow you to monitor the status of SD-WAN members.

B. It is enabled or disabled on a per-ADOM basis.

C. It is enabled by default.

D. It uses templates to configure SD-WAN on managed devices.

Question # 5

Refer to the exhibits.

Exhibit A.

Exhibit B.

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN interface and the static routes configuration.

Port1 and port2 are member interfaces of the SD-WAN, and port2 becomes a dead member after reaching the failure thresholds.

Which statement about the dead member is correct?

A. Subnets 100.64.1.0/23 and 172.20.0.0/16 are reachable only through port1.

B. SD-WAN interface becomes disabled and port1 becomes the WAN interface.

C. Dead members require manual administrator access to bring them back alive.

D. Port2 might become alive when a single response is received from an SLA server.

Question # 6

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

A. Secure Shell (SSH)

B. Encapsulating Security Payload (ESP)

C. Internet Key Exchange (IKE)

D. Transport Layer Security (TLS)

E. Security Association (SA)

Question # 7

Which three parameters are available to configure SD-WAN rules? (Choose three.)

A. Application signatures

B. Type of physical link connection

C. URL categories

D. Source and destination IP address

E. Internet service database (ISDB) address object

Question # 8

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on traffic passing through the SD-WAN member port2? (Choose two.)

A. FortiGate performs routing lookups for new sessions only after a route change.

B. FortiGate marks the routing information on existing sessions as persistent.

C. FortiGate flushes all routing information from the session table after a route change.

D. FortiGate always blocks all traffic after a route change.

Question # 9

Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two.)

A. A peer ID is included in the first packet from the initiator, along with suggested security policies.

B. XAuth is enabled as an additional level of authentication, which requires a username and password.

C. A total of six packets are exchanged between an initiator and a responder instead of three packets.

D. The use of Diffie-Hellman keys is limited by the responder and needs initiator acceptance.

Question # 10

When attempting to establish an IPsec tunnel to FortiGate, all remote users match the FIRST_VPN IPsec VPN. This includes remote users that want to connect to the SECOND_VPN IPsec VPN.

Which two configuration changes must you make on both IPsec VPNs so that remote users can connect to their intended IPsec VPN? (Choose two.)

A. Configure different proposals.

B. Configure a unique peer ID.

C. Change the IKE mode to aggressive.

D. Configure different Diffie-Hellman groups.

Question # 11

Refer to the exhibits.

Exhibit A shows the SD-WAN rules and exhibit B shows the traffic logs. The SD-WAN traffic logs reflect how FortiGate processed traffic.

Which two statements about how the configured SD-WAN rules are processing traffic are true? (Choose two.)

A. The implicit rule overrides all other rules because parameters widely cover sources and destinations.

B. SD-WAN rules are evaluated in the same way as firewall policies: from top to bottom.

C. The All_Access_Rules rule load balances Vimeo application traffic among SD-WAN member interfaces.

D. The initial session of an application goes through a learning phase in order to apply the correct rule.

Question # 12

Refer to the exhibits.

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member and the static routes configuration.

If port2 is detected dead by FortiGate, which expected behavior is correct?

A. Port2 becomes alive after one successful probe is detected.

B. The SD-WAN interface becomes disabled and port1 becomes the WAN interface.

C. Dead members require manual administrator access to bring them back alive.

D. Subnets 10.0.20.0/23 and 172.20.0.0/16 are reachable only through port1.
