NEW QUESTION 1
Examine the exhibit; then answer the question below.

Which statement describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?

• A. They indicate that the FortiGate has the latest updates available from the FortiGuard Distribution Network.
• B. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.
• C. They indicate that the FortiGate is in the process of downloading updates from the FortiGuard Distribution Network.
• D. They indicate that the FortiGate is able to connect to the FortiGuard Distribution Network.

Answer: D

NEW QUESTION 2
Which statement best describes what a Fortinet System on a Chip (SoC) is?

• A. Low-power chip that provides general purpose processing power
• B. Chip that combines general purpose processing power with Fortinet’s custom ASIC technology
• C. Light-version chip (with fewer features) of an SP processor
• D. Light-version chip (with fewer features) of a CP processor

Answer: B

NEW QUESTION 3
In FortiOS session table output, what are the two possible ‘proto_state’ values for a UDP session? (Choose two.)

• A. 00
• B. 11
• C. 01
• D. 05

Answer: AC

NEW QUESTION 4
A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.
Which of the following settings will this administrator be able to configure? (Choose two.)

• A. Firewall addresses
• B. DHCP servers
• C. FortiGuard Distribution Network configuration.
• D. System hostname.

Answer: AB

NEW QUESTION 5
Which of the following statements are true about PKI users created in a FortiGate device? (Choose two.)

• A. Can be used for token-based authentication
• B. Can be used for two-factor authentication
• C. Are used for certificate-based authentication
• D. Cannot be members of user groups

Answer: AB

NEW QUESTION 6
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?

• A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
• B. Request: internal host; slave FortiGate; Internet; web server.
• C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
• D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server.

Answer: D

NEW QUESTION 7
Which of the following regular expression patterns makes the terms “confidential data” case insensitive?

• A. [confidential data]
• B. /confidential data/i
• C. i/confidential data/
• D. “confidential data”

Answer: B

NEW QUESTION 8
What are two requirements for DC-agent mode FSSO to work properly in a Windows AD environment? (Choose two.)

• A. DNS server must properly resolve all workstation names
• B. The remote registry service must be running in all workstations
• C. The collector agent must be installed in one of the Windows domain controllers
• D. A same user cannot be logged in into two different workstations at the same time

Answer: AB

NEW QUESTION 9
Which of the following items does NOT support the Logging feature?

• A. File Filter
• B. Application control
• C. Session timeouts
• D. Administrator activities
• E. Web URL filtering

Answer: C

NEW QUESTION 10
Which statement describes what the CLI command diagnose debug authd fsso list is used for?

• A. Monitors communications between the FSSO collector agent and FortiGate unit.
• B. Displays which users are currently logged on using FSSO.
• C. Displays are listing of all connected FSSO collector agents.
• D. Lists all DC Agents installed on all domain controllers.

Answer: B

NEW QUESTION 11
Which action does the FortiGate take when link health monitor times out?

• A. All routes to the destination subnet configured in the link health monitor are removed from the routing table.
• B. The distance values of all routes using interface configured in the link health monitor are increased.
• C. The priority values of all routes using configured in the link health monitor are increased.
• D. All routes using the next-hop gateway configured in the link health monitor are removed from the routing table.

Answer: D

NEW QUESTION 12
If you have lost your password for the "admin" account on your FortiGate, how should you reset it?

• A. Log in with another administrator account that has "super_admin" profile permissions, then reset the password for the "admin" account.
• B. Reboot the FortiGat
• C. Via the local console, during the boot loader, use the menu to format the flash disk and reinstall the firmwar
• D. Then you can log in with the default password.
• E. Power off the FortiGat
• F. After several seconds, restart i
• G. Via the local console, within 30 seconds after booting has completed, log in as "maintainer" and enter the CLI commands to set the password for the "admin" account.
• H. Reboot the FortiGat
• I. Via the local console, during the boot loader, use the menu to log in as "maintainer" and enter the CLI commands to set the password for the "admin" account.

Answer: C

NEW QUESTION 13
When creating FortiGate administrative users, which configuration objects specify the account rights?

• A. Remote access profiles.
• B. User groups.
• C. Administrator profiles.
• D. Local-in policies.

Answer: C

NEW QUESTION 14
Which of the following are considered log types? (Choose three.)

• A. Forward log
• B. Traffic log
• C. Syslog
• D. Event log
• E. Security log

Answer: BDE

NEW QUESTION 15
Which of the following statements are correct concerning IKE mode config? (Choose two)

• A. It can dynamically assign IP addresses to IPsec VPN clients.
• B. It can dynamically assign DNS settings to IPsec VPN clients.
• C. It uses the ESP protocol.
• D. It can be enabled in the phase 2 configuration.

Answer: AB

NEW QUESTION 16
Which statement describes how traffic flows in sessions handled by a slave unit in an active-active HA cluster?

• A. Packet are sent directly to the slave unit using the slave physical MAC address.
• B. Packets are sent directly to the slave unit using the HA virtual MAC address.
• C. Packets arrived at both units simultaneously, but only the salve unit forwards the session.
• D. Packets are first sent to the master unit, which then forwards the packets to the slave unit.

Answer: D