Q1. - (Topic 5)
Regarding the use of web-only mode SSL VPN, which statement is correct?
A. It supports SSL version 3 only.
B. It requires a Fortinet-supplied plug-in on the web client.
C. It requires the user to have a web browser that supports 64-bit cipher length.
D. The JAVA run-time environment must be installed on the client.
Answer: C
Q2. - (Topic 2)
Regarding the header and body sections in raw log messages, which statement is correct?
A. The header and body section layouts change depending on the log type.
B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type.
C. Some log types include multiple body sections.
D. Some log types do not include a body section.
Answer: B
Q3. - (Topic 22)
Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor?
A. No protection profile can be applied over the IPsec traffic.
B. Phase-2 anti-replay must be disabled.
C. Both the phase 1 and phases 2 must use encryption algorithms supported by the NP6.
D. IPsec traffic must not be inspected by any FortiGate session helper.
Answer: C
Q4. - (Topic 7)
Which statement is correct regarding virus scanning on a FortiGate unit?
A. Virus scanning is enabled by default.
B. Fortinet customer support enables virus scanning remotely for you.
C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.
D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate.
Answer: C
Q5. - (Topic 13)
Examine the following spanning tree configuration on a FortiGate in transparent mode:
config system interface
edit <interface name>
set stp-forward enable
end
Which statement is correct for the above configuration?
A. The FortiGate participates in spanning tree.
B. The FortiGate device forwards received spanning tree messages.
C. Ethernet layer-2 loops are likely to occur.
D. The FortiGate generates spanning tree BPDU frames.
Answer: B
Q6. - (Topic 7)
Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols?
A. Proxy-based.
B. DNS-based.
C. Flow-based.
D. Man-in-the-middle.
Answer: C
Q7. - (Topic 1)
When creating FortiGate administrative users, which configuration objects specify the account rights?
A. Remote access profiles.
B. User groups.
C. Administrator profiles.
D. Local-in policies.
Answer: C
Q8. - (Topic 17)
Which are two requirements for DC-agent mode FSSO to work properly in a Windows AD environment? [Choose two.]
A. DNS server must properly resolve all workstation names.
B. The remote registry service must be running in all workstations.
C. The collector agent must be installed in one of the Windows domain controllers.
D. A same user cannot be logged in into two different workstations at the same time.
Answer: A,B
Q9. - (Topic 19)
Data leak prevention archiving gives the ability to store files and message data onto a
FortiAnalyzer unit for which of the following types of network traffic? (Choose three.)
A. POP3
B. SNMP
C. IPsec
D. SMTP
E. HTTP
Answer: A,D,E
Q10. - (Topic 6)
What is IPsec Perfect Forwarding Secrecy (PFS)?.
A. A phase-1 setting that allows the use of symmetric encryption.
B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.
C. A ‘key-agreement’ protocol.
D. A ‘security-association-agreement’ protocol.
Answer: B