Professional Documents
Culture Documents
7 Efw6.4
7 Efw6.4
QUESTION 1
Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in
conserve mode? (Choose two.)
A. IPS failopen
B. mem failopen
C. AV failopen
D. UTM failopen
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Refer to the exhibit, which contains the partial output of a diagnose command.
Based on the output, which two statements are correct? (Choose two.)
A. Anti-replay is enabled.
B. DPD is disabled.
C. Remote gateway IP is 10.200.4.1.
D. Quick mode selectors are disabled.
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
Refer to the exhibit, which contains the output of a diagnose command.
Which two statements regarding the output in the exhibit are true? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
Which two statements about application layer test commands are true? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
Refer to the exhibits, which contain configuration on FortiGate and partial session information.
All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for
Internet traffic from a user on the internal network.
If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s
session?
A. The session would remain in the session table, but its traffic would now egress from both port1 and
port2.
B. The session would remain in the session table, and its traffic would still egress from port1.
C. The session would remain in the session table, and its traffic would start to egress from port2.
D. The session would be deleted, so the client would need to start a new session.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
Which three conditions are required for two FortiGate devices to form an OSP adjacency? (Choose three.)
Explanation/Reference:
QUESTION 7
Which two statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose
two.)
A. When executed on the Device Database, you must use the installation wizard to apply the changes to the
managed FortiGate.
B. When executed on the Policy Package, ADOM database, changes are applied directly to the managed
FortiGate.
C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new
revision history.
D. When executed on the Remote FortiGate directly, administrators do not have the option to review the
changes prior to installation.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
Refer to the exhibit, which contains a partial output of an IKE real-time debug.
Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
A. auto-discovery-receiver
B. auto-discovery-forwarder
C. auto-discovery-sender
D. auto-discovery-shortcut
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
What is the diagnose test application ipsmonitor 99 command used for?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
Refer to the exhibit, which contains a session table entry.
Which statement about FortiGate inspection of this session is true?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
Refer to the exhibit, which contains the output of a debug command.
Which two statements about the exhibit are true? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
Refer to the exhibit, which contains the output of diagnose sys session stat.
Which two statements about the output shown are correct? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
Refer to the exhibit, which contains central management configuration.
Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?
A. 10.0.1.242
B. 10.0.1.244
C. Public FortiGuard servers
D. 10.0.1.240
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
Refer to the exhibit, which contains the output of diagnose sys session list.
If the HA ID for the primary unit is zero (0), which statement about the output is true?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
Refer to the exhibit, which contains the partial output of an IKE real-time debug.
Why did the tunnel not come up?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the
administrator notices that some of the switches in the network continue to send traffic to the former primary
unit. The administrator decides to enable the setting link-failed-signal to fix the problem.
A. It forces the former primary device to shut down all its non-heartbeat interfaces for one second while the
failover occurs.
B. It disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.
C. It sends a link failed signal to all connected devices.
D. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable
through a new master after a failover.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
What does the dirty flag mean in a FortiGate session?
A. The session must be removed from the former primary unit after an HA failover.
B. Traffic has been blocked by the antivirus inspection.
C. Traffic has been identified as from an application that is not allowed.
D. The next packet must be re-evaluated against the firewall policies.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 18
Refer to the exhibit, which contains partial outputs from two routing debug commands.
Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?
A. port3
B. port2
C. port1
D. Both port1 and port2
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
Refer to the exhibit, which contains the output of a debug command.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
How does FortiManager handle FortiGate requests from FortiGate devices, when it is configured as a local
FDS?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 21
Refer to the exhibit, which contains the output of a BGP debug command.
Which statement about the exhibit is true?
A. The local router has received a total of three BGP prefixes from all peers.
B. The local router has not established a TCP session with 100.64.3.1.
C. Since the counters were last reset, the 10.200.3.1 peer has never been down.
D. The local router BGP state is OpenConfirm with the 10.127.0.75 peer.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 22
Refer to the exhibit, which contains the output of a web filtering diagnose command.
Which statement explains why the cache statistics are all zeros?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 23
An administrator wants to capture ESP traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which
command should the administrator execute?
Explanation/Reference:
QUESTION 24
Which two conditions must be met for a statistic route to be active in the routing table? (Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 25
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web
requests when the client browser does not provide the server name indication (SNI) extension?
A. FortiGate uses the requested URL from the user’s web browser.
B. FortiGate uses the CN information from the Subject field in the server certificate.
C. FortiGate blocks the request without any further inspection.
D. FortiGate switches to the full SSL inspection method to decrypt the data.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26
Refer to the exhibit, which contains the output of a real-time debug.
Correct Answer: AB B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
Refer to the exhibit, which contains a partial routing table.
Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose
two.)
Explanation/Reference:
QUESTION 29
Refer to the exhibit, which contains a TCL script configuration on FortiManager.
An administrator has configured the TCL script on FortiManager, but failed to apply any changes to the
managed device after being executed.
Why did the TCL script fail to make any changes to the managed device?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
Refer to the exhibit, which contains the partial output of an IKE real-time debug.
Which two statements about this debug output are correct? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
Which two statements about FortiManager are true when it is deployed as a local FDS? (Choose two.)
QUESTION 32
An administrator has configured the CLI script on FortiManager, which failed to apply any changes to the
managed device after being executed.
Why did the script not make any changes to the managed device?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
Refer to the exhibit, which contains the output of a BGP debug command.
Which statement explains why the state of the 10.200.3.1 peer is Connect?
A. The local router has received the BGP prefixes from the remote peer.
B. The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.
C. The TCP session to 10.200.3.1 has not completed the 3-way handshake.
D. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the
OpenConfirm yet.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 34
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 35
Refer to the exhibit, which contains the output of get system ha status.
Which two statements about the output are true? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 36
Refer to the exhibit, which contains a screenshot of some phase-1 settings.
The VPN is not up. To diagnose, the administrator enters the following CLI commands:
However, the IKE real-time debug does not show any output. Why?
A. The log-filter setting was set incorrectly. The VPN traffic does not match this filter.
B. The administrator must enable the following real-time debug: diagnose debug application ipsec
–1.
C. The debug output only shows pre-shared key, encryption, and authentication mismatch(es).
D. The debug shows only error messages. If there is no output, then phase-1 and phase-2 configurations are
matching.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 37
Which statement about memory conserve mode is true?
A. A FortiGate exits conserve mode when the configured memory use threshold reaches yellow.
B. A FortiGate starts dropping all the new and old sessions when the configured memory use threshold
reaches extreme.
C. A FortiGate enters conserve mode when the configured memory use threshold reaches red.
D. A FortiGate starts dropping new sessions when the configured memory use thresholds reaches red.
Correct Answer: D C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
Refer to the exhibit, which contains output of diagnose vpn tunnel list.
Which command will capture ESP traffic for the VPN named DialUp_0?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 39
Refer to the exhibit, which contains a partial web filter profile configuration.
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File
Sharing and Storage?
A. FortiGate will exempt the connection based on the Web Content Filter configuration.
B. FortiGate will block the connection as an invalid URL.
C. FortiGate will block the connection based on the URL Filter configuration.
D. FortiGate will allow the connection based on the FortiGuard category based filter configuration.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 40
Refer to the exhibit, which contains the output of a diagnose command.
Which statement regarding the Weight value is true?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 41
Refer to the exhibit, which contains the partial output of an IKE real-time debug.
Based on the debug output, which configuration change can the administrator make to the local gateway to
resolve the phase 1 negotiation error?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 42
In which two states is a given session categorized as ephemeral? (Choose two.)
B
A. A TCP session waiting for FIN ACK.
B. A TCP session waiting to complete the three-way handshake.
C. A UDP session with packets sent and received.
D. A UDP session with only one packet received.
Explanation/Reference:
QUESTION 43
Refer to the exhibit, which contains a partial output of an IKE real-time debug.
Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
A. auto-discovery-receiver
B. auto-discovery-forwarder
C. auto-discovery-sender
D. auto-discovery-shortcut
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 44
Which statement describes IPS adaptive scanning?
QUESTION 45
Which two statements about the exhibit are true? (Choose two.)
A. The OSPF routers with the IDS 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1
network.
B. The interface ToRemote is a point-to-point OSPF network.
C. The local ForitGate is the backup designated router for the wan1 network.
D. The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 46
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
A. Next-hop-self
B. Route reflector
C. Neighbor group
D. Neighbor range
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 47
Refer to the exhibit, which contains partial outputs from two routing debug commands.
Why is the port2 default route not in the second command’s output?
A. It has a lower priority value that the default route using port1.
B. It has a higher priority value than the default route using port1.
C. It is disabled in the FortiGate configuration.
D. It has a higher distance than the default route using port1.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 48
Which two statements about the output are true? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 49
Refer to the exhibits, which contain configuration on FortiGate and partial session information.
All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for
Internet traffic from a user on the internal network.
If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s
session?
A. The session would remain in the session table, but its traffic would now egress from both port1 and
port2.
B. The session would remain in the session table, and its traffic would still egress from port1.
C. The session would remain in the session table, and its traffic would start to egress from port2.
D. The session would be deleted, so the client would need to start a new session.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
1. What conditions are required for two FortiGate devices to form an OSPF
adjacency? (Choose three.)
Which statement are true regarding the output in the exhibit? (Choose two.)
There are three FortiGuard servers that are not responding to the queries sent by the
FortiGate.
The TZ value represents the delta between each FortiGuard server's time zone and the
FortiGate's time zone.
FortiGate will send the FortiGuard queries to the server with highest weight.
A server's round trip delay (RTT) is not used to calculate its weight.
4. View the exhibit, which contains the output of a debug command, and then answer
the question below.
Which one of the following statements about this FortiGate is correct?
Which of the following statements about the exhibit are true? (Choose two.)
The local router's BGP state is Established with the 10.125.0.60 peer.
Since the counters were last reset; the 10.200.3.1 peer has never been down.
The local router has received a total of three BGP prefixes from all peers.
The local router has not established a TCP session with 100.64.3.1.
6. View the exhibit, which contains the output of a diagnose command, and then
answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
It was created by the FortiGate kernel to allow push updates from FotiGuard.
It is for management traffic terminating at the FortiGate.
It is for traffic originated from the FortiGate.
It was created by a session helper or ALG
10. 0.1.254. The administrator runs the debug flow while attempting the connection
using
Based on the error displayed by the debug flow, which are valid reasons for this
problem? (Choose two.)
HTTP administrative access is disabled in the FortiGate interface with the IP address
10.0.1.254.
Redirection of HTTP to HTTPS administrative access is disabled.
HTTP administrative access is configured with a port number different than 80.
The packet is denied because of reverse path forwarding check.
11. A FortiGate is configured as an explicit web proxy. Clients using this web proxy
are reposting DNS errors when accessing any website. The administrator executes
the following debug commands and observes that the n-dns-timeout counter is
increasing:
What should the administrator check to fix the problem?
The connectivity between the FortiGate unit and the DNS server.
The connectivity between the client workstations and the DNS server.
That DNS traffic from client workstations is allowed by the explicit web proxy policies.
That DNS service is enabled in the explicit web proxy interface.
12. View the exhibit, which contains the partial output of an IKE real time debug, and
then answer the question below.
The administrator does not have access to the remote gateway.
Based on the debug output, what configuration changes can the administrator make
to the local gateway to resolve the phase 1 negotiation error?
Which flag is added to a primary unit’s session to indicate that it has been
synchronized to the secondary unit?
redir.
C
dirty.
synced
nds.
14. Which configuration can be used to reduce the number of BGP sessions in an
IBGP network?
Neighbor range
Route reflector
Next-hop-self
Neighbor group
15. View the exhibit, which contains the output of get sys ha status, and then answer
the question below.
There is not enough available memory in the system to create a new entry inthe NAT
port table.
The limit for the maximum number of simultaneous sessions sharing the same NAT
port has been reached.
FortiGate does not have any available NAT port for a new connection.
The limit for the maximum number of entries in the NAT port table has been reached.
19. Which of the following statements are true regarding the SIP session helper and
the SIP application layer gateway (ALG)? (Choose three.)
SIP session helper runs in the kernel; SIP ALG runs as a user space process.
SIP ALG supports SIP HA failover; SIP helper does not.
SIP ALG supports SIP over IPv6; SIP helper does not.
SIP ALG can create expected sessions for media traffic; SIP helper does not.
SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UD
20. Two independent FortiGate HA clusters are connected to the same broadcast
domain. The administrator has reported that both clusters are using the same HA
virtual MAC address. This creates a duplicated MAC address problem in the network.
What HA setting must be changed in one of the HA clusters to fix the problem?
Group ID
Group name.
Session pickup.
Gratuitous ARPs.
21. AFortiGate's portl is connected to a private network. Its port2 is connected to the
Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can
access the Internet. Web cache is NOT enabled. An internal web proxy user is
downloading a file from the Internet via HTTP.
Which statements are true regarding the two entries in the FortiGate session table
related with this traffic? (Choose two.)
IPS failopen
mem failopen
AV failopen
UTM failopen
23. What does the dirty flag mean in aFortiGate session?
The exhibit shows partial session information for Internet traffic from a user on the
internal network:
If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic
matching that user’s session?
The session would remain in the session table, and its traffic would still egress from
port1.
The session would remain in the session table, but its traffic would now egress from
both port1 and port2.
The session would remain in the session table, and its traffic would start to egress from
port2.
The session would be deleted, so the client would need to start a new session.
26. Which of the following statements are correct regarding application layer test
commands? (Choose two.)
question below.
The IP address recorded in the logon event for the user STUDEN
The DNS name resolution for the workstation name INTERNAL2. TRAININ
LA
The source IP address of the traffic arriving to the FortiGate from the workstation
INTERNAL2. TRAININ
LA
The reserve DNS lookup for the IP address 192.168.3.1.
28. Examine the output of the ‘get router info ospf interface’ command shown in the
exhibit; then answer the question below.
Which statements are true regarding the above output? (Choose two.)
Theport4 interface is connected to the OSPF backbone area.
The local FortiGate has been elected as the OSPF backup designated router.
There are at least 5 OSPF routers connected to the port4 network.
Two OSPF routers are down in the port4 network.
29. Which of the following conditions must be met fora static route to be active in the
routing table? (Choose three.) Choose Two
A process crash.
Configuration changes.
Changes in the status of any of the FortiGuard licenses.
System entering to and leaving from the proxy conserve mode.
33. View the exhibit, which contains a session entry, and then answer the question
below.
Which statement is correct regarding this session?
Which statement explains why the state of the 10.200.3.1 peer is Connect?
The local router is receiving BGP keepalives from the remote peer, but the local peer
has not received the OpenConfirm yet.
The TCP session to 10.200.3.1 has not completed the 3-way handshake.
The local router is receiving the BGP keepalives from the peer, but it has not received
a BGP prefix yet.
The local router has received the BGP prefixes from the remote peer.
35. A FortiGate device has the following LDAP configuration:
The administrator executed the ‘dsquery’ command in the Windows LDAp server
10.0.1.10, and got the following output:
cnid.
username.
password.
dn.
this is the
correct
not
Correct