Professional Documents
Culture Documents
FortiGate 7.4 Administrator Sample Questions_ Attempt review
FortiGate 7.4 Administrator Sample Questions_ Attempt review
Question 1
Incorrect
Mark 0 out of 1
Which two settings must you configure when FortiGate is being deployed as a root FortiGate in a Security Fabric topol
Question 2
Correct
Mark 1 out of 1
An administrator needs to create a tunnel mode SSL-VPN to access an internal web server from the internet. The web
port1. The internet is connected to port2. Both interfaces belong to the VDOM named Corporation.
What interface must the administrator use as the source for the firewall policy that will allow this traffic?
Select one:
port2
ssl.root
ssl.Corporation
port1
Question 3
Correct
Mark 1 out of 1
Which NAT method translates the source IP address in a packet to another IP address?
Select one:
DNAT
SNAT
VIP
IPPOOL
Question 4
Correct
Mark 1 out of 1
Which three settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (C
Question 5
Partially correct
Mark 0 out of 1
Which three methods can you use to deliver the token code to a user who is configured to use two-factor authenticati
Question 6
Incorrect
Mark 0 out of 1
Select one:
It enables monitored ports.
You must configure override settings manually and separately for each cluster member.
It reboots FortiGate.
It synchronizes device priority on all cluster members.
Question 7
Incorrect
Mark 0 out of 1
Which two IP pool types are useful for carrier-grade NAT deployments? (Choose two.)
Question 8
Correct
Mark 1 out of 1
Select one:
It is an IPsec extension that forces remote VPN users to authenticate using their local ID.
It is an IPsec extension that authenticates remote VPN peers using a pre-shared key.
It is an IPsec extension that forces remote VPN users to authenticate using their credentials (username and passw
It is an IPsec extension that authenticates remote VPN peers using digital certificates.
Question 9
Correct
Mark 1 out of 1
What is the common feature shared between IPv4 and SD-WAN ECMP algorithms?
Select one:
Both support volume algorithms.
Both can be enabled at the same time.
Both use the same physical interface load balancing settings.
Both control ECMP algorithms.
Question 10
Correct
Mark 1 out of 1
Select one:
10.20.30.0/24 [10/0] via 172.20.167.254, port3, [1/0]
Question 11
Incorrect
Mark 0 out of 1
Which statement best describes the role of a DC agent in an FSSO DC agent mode solution?
Select one:
It captures the login events and forwards them to FortiGate.
It captures the user IP address and workstation name and forwards them to FortiGate.
It captures the login events and forwards them to the collector agent.
It captures the login and logoff events and forwards them to the collector agent.
Question 12
Correct
Mark 1 out of 1
Which two statements correctly describe the differences between IPsec main mode and IPsec aggressive mode? (Choo
Question 13
Incorrect
Mark 0 out of 1
Select one:
You must configure SNAT for each firewall policy.
DNAT can automatically apply to multiple firewall policies, based on DNAT rules.
DNAT is not supported.
SNAT can automatically apply to multiple firewall policies, based on SNAT policies.
Question 14
Correct
Mark 1 out of 1
Select one:
You do not need to configure anything because all TCP sessions are automatically failed over.
You must configure ha-configuration-sync under configure system ha.
You must configure session-pickup-connectionless enable under configure system ha.
You must configure session-pickup-enable under configure system ha.
Question 15
Incorrect
Mark 0 out of 1
Which two behaviours result from this full SSL configuration? (Choose two.)
Question 16
Incorrect
Mark 0 out of 1
Which two statements about advanced AD access mode for the FSSO collector agent are true? (Choose two.)
Question 17
Correct
Mark 1 out of 1
An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to the S
How can this be achieved?
Select one:
Assigning public IP addresses to SSL-VPN users
Using web-only mode
Disabling split tunneling
Configuring web bookmarks
Question 18
Incorrect
Mark 0 out of 1
FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not pres
prompt.
What is the most likely reason for this situation?
Select one:
The user was authenticated using passive authentication.
The user is using a guest account profile.
No matching user account exists for this user.
The user is using a super admin account.
Question 19
Incorrect
Mark 0 out of 1
Which two statements about incoming and outgoing interfaces in firewall policies are true? (Choose two.)
Question 20
Correct
Mark 1 out of 1
Select one:
When a remote user accesses https://10.200.1.1:443, the FortiGate login page opens.
The settings are invalid. The administrator settings and the SSL-VPN settings cannot use the same port.
When a remote user accesses http://10.200.1.1:443, the SSL-VPN login page opens.
When a remote user accesses https://10.200.1.1:443, the SSL-VPN login page opens.
Question 21
Incorrect
Mark 0 out of 1
Select one:
SSL certificate inspection when protecting a local SSL server.
SSL certificate inspection when protecting multiple clients connecting to multiple servers.
SSL traffic inspection when protecting a local SSL server.
SSL traffic inspection when protecting multiple clients connecting to multiple servers.
Question 22
Correct
Mark 1 out of 1