NEW QUESTION 1
Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
# diagnose debug authd fsso list —FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is
NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?

• A. The IP address recorded in the logon event for the user STUDENT.
• B. The DNS name resolution for the workstation name INTERNAL2. TRAININ
• C. LAB.
• D. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2.TRAININ
• E. LAB.
• F. The reserve DNS lookup forthe IP address 192.168.3.1.

Answer: C

NEW QUESTION 2
Which two statements about an auxiliary session are true? (Choose two.)

• A. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
• B. With the auxiliary session setting enabled, two sessions will be created in case of routing change.
• C. With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same auxiliary session.
• D. With the auxiliary session disabled, only auxiliary sessions will be offloaded.

Answer: CD

NEW QUESTION 3
What is the purpose of an internal segmentation firewall (ISFW)?

• A. It inspects incoming traffic to protect services in the corporate DMZ.
• B. It is the first line of defense at the network perimeter.
• C. It splits the network into multiple security segments to minimize the impact of breaches.
• D. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

Answer: C

Explanation:
ISFW splits your network into multiple security segments. They serve as a breach containers from attacks that come from inside.

NEW QUESTION 4
When does a RADIUS server send an Access-Challenge packet?

• A. The server does not have the user credentials yet.
• B. The server requires more information from the user, such as the token code for two-factor authentication.
• C. The user credentials are wrong.
• D. The user account is not found in the server.

Answer: B

NEW QUESTION 5
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Which statements about this debug output are correct? (Choose two.)

• A. The remote gateway IP address is 10.0.0.1.
• B. It shows a phase 1 negotiation.
• C. The negotiation is using AES128 encryption with CBC hash.
• D. The initiator has provided remote as its IPsec peer ID.

Answer: BD

NEW QUESTION 6
An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit’s session to indicate that it has been synchronized to the secondary unit?

• A. redir.
• B. dirty.
• C. synced
• D. nds.

Answer: C

Explanation:
The synced sessions have the ‘synced’ flag. The command ‘diag sys session list’ can be used to see the sessions on the member, with the associated flags.

NEW QUESTION 7
View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

• A. The slave configuration is not synchronized with the master.
• B. The HA management IP is 169.254.0.2.
• C. Master is selected because it is the only device in the cluster.
• D. port 7 is used the HA heartbeat on all devices in the cluster.

Answer: AD

NEW QUESTION 8
Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

• A. Finance and banking
• B. General organization.
• C. Business.
• D. Information technology.

Answer: C

NEW QUESTION 9
What is the diagnose test application ipsmonitor 99 command used for?

• A. To enable IPS bypass mode
• B. To provide information regarding IPS sessions
• C. To disable the IPS engine
• D. To restart all IPS engines and monitors

Answer: D

NEW QUESTION 10
View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)

• A. This is an expected session created by a session helper.
• B. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.
• C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
• D. This is an expected session created by an application control profile.

Answer: AC

NEW QUESTION 11
The CLI command set intelligent-mode <enable | disable> controls the IPS engine’s adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?

• A. Determines the optimal number of IPS engines required based on system load.
• B. Downloads signatures on demand from FDS based on scanning requirements.
• C. Determines when it is secure enough to stop scanning session traffic.
• D. Choose a matching algorithm based on available memory and the type of inspection being performed.

Answer: C

Explanation:
Configuring IPS intelligenceStarting with FortiOS 5.2, intelligent-mode is a new adaptive detection method. This command is enabled the default and it means that the IPS engine will perform adaptive scanning so that, for some traffic, the FortiGate can quickly finish scanning and offload the traffic to NPU or kernel. It is a balanced method which could cover all known exploits. When disabled, the IPS engine scans every single byte. config ips globalset intelligent-mode {enable|disable}end

NEW QUESTION 12
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

• A. The local router's BGP state is Established with the 10.125.0.60 peer.
• B. Since the counters were last reset; the 10.200.3.1 peer has never been down.
• C. The local router has received a total of three BGP prefixes from all peers.
• D. The local router has not established a TCP session with 100.64.3.1.

Answer: AD

NEW QUESTION 13
View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below.

The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

• A. Change phase 1 encryption to AESCBC and authentication to SHA128.
• B. Change phase 1 encryption to 3DES and authentication to CBC.
• C. Change phase 1 encryption to AES128 and authentication to SHA512.
• D. Change phase 1 encryption to 3DES and authentication to SHA256.

Answer: B

NEW QUESTION 14
View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

Which one of the following statements explains why the cache statistics are all zeros?

• A. The administrator has reallocated the cache memory to a separate process.
• B. There are no users making web requests.
• C. The FortiGuard web filter cache is disabled in the FortiGate’s configuration.
• D. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.

Answer: C

NEW QUESTION 15
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

• A. For the peer 10.125.0.60, the BGP state of is Established.
• B. The local BGP peer has received a total of three BGP prefixes.
• C. Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.
• D. The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

Answer: AD

NEW QUESTION 16
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Why didn’t the script make any changes to the managed device?

• A. Commands that start with the # sign are not executed.
• B. CLI scripts will add objects only if they are referenced by policies.
• C. Incomplete commands are ignored in CLI scripts.
• D. Static routes can only be added using TCL scripts.

Answer: A

Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device%20Manager/2400_Sc
A sequence of FortiGate CLI commands, as you would type them at the command line. A comment line starts with the number sign (#). A comment line will not be executed.

NEW QUESTION 17
......