Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 1)
When backing up the configuration file on a FortiGate unit, the contents can be encrypted
by enabling the encrypt option and supplying a password.
If the password is forgotten, the configuration file can still be restored using which of the following methods?
A. Selecting the recover password option during the restore process.
B. Having the password emailed to the administrative user by selecting the Forgot Password option.
C. Sending the configuration file to Fortinet Support for decryption.
D. If the password is forgotten, there is no way to use the file.
Answer: D
Q2. - (Topic 3)
Which of the following statements is not correct regarding virtual domains (VDOMs)?
A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. A backup management VDOM will synchronize the configuration from an active management VDOM.
D. VDOMs share firmware versions, as well as antivirus and IPS databases.
E. Only administrative users with a super_admin profile will be able to enter all VDOMs to make configuration changes.
Answer: C
Q3. - (Topic 1)
Users may require access to a web site that is blocked by a policy. Administrators can give users the ability to override the block. Which of the following statements regarding overrides are correct? (Select all that apply.)
A. A protection profile may have only one user group defined as an override group.
B. A firewall user group can be used to provide override privileges for FortiGuard Web Filtering.
C. Authentication to allow the override is based on a user's membership in a user group.
D. Overrides can be allowed by the administrator for a specific period of time.
Answer: B,C,D
Q4. - (Topic 3)
A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM.
What would be a possible cause for this problem?
A. The dmz interface is referenced in the configuration of another VDOM.
B. The administrator does not have the proper permissions to reassign the dmz interface.
C. Non-management VDOMs can not reference physical interfaces.
D. The dmz interface is in PPPoE or DHCP mode.
E. Reassigning an interface to a different VDOM can only be done through the CLI.
Answer: A
Q5. - (Topic 1)
The command structure of the CLI on a FortiGate unit consists of commands, objects, branches, tables and parameters. Which of the following items describes port1?
A. A command.
B. An object.
C. A table.
D. A parameter.
Answer: C
Q6. - (Topic 2)
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.
config router static
edit 1
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 10
set device port1
next
edit 2
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 20
set device port2
next
end
Which of the following statements correctly describes the static routing configuration provided above?
A. The FortiGate unit will evenly share the traffic to 172.20.168.0/24 through both routes.
B. The FortiGate unit will share the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.
C. The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1.
D. Only the route that is using port1 will show up in the routing table.
Answer: C
Q7. - (Topic 1)
Examine the exhibit shown below; then answer the question following it.
Which of the following statements best describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?
A. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network.
B. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network.
C. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.
D. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network.
Answer: A
Q8. - (Topic 1)
If a FortiGate unit has a dmz interface IP address of 210.192.168.2 with a subnet mask of 255.255.255.0, what is a valid dmz DHCP addressing range?
A. 172.168.0.1 - 172.168.0.10
B. 210.192.168.3 - 210.192.168.10
C. 210.192.168.1 - 210.192.168.4
D. All of the above.
Answer: B
Q9. - (Topic 1)
Which of the following antivirus and attack definition update options are supported by FortiGate units? (Select all that apply.)
A. Manual update by downloading the signatures from the support site.
B. Pull updates from the FortiGate device
C. Push updates from the FortiGuard Distribution Network.
D. ”update-AV/AS” command from the CLI
Answer: A,B,C
Q10. - (Topic 3)
A FortiGate unit is operating in NAT/Route mode and is configured with two Virtual LAN (VLAN) sub-interfaces added to the same physical interface.
Which of the following statements is correct regarding the VLAN IDs in this scenario?
A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
B. The two VLAN sub-interfaces must have different VLAN IDs.
C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.
Answer: B
Q11. - (Topic 1)
Which of the following statements are true regarding Local User Authentication? (Select all that apply.)
A. Local user authentication is based on usernames and passwords stored locally on the FortiGate unit.
B. Two-factor authentication can be enabled on a per user basis.
C. Administrators can create an account for the user locally and specify the remote server to verify the password.
D. Local users are for administration accounts only and cannot be used for identity policies.
Answer: A,B,C
Q12. - (Topic 1)
Which of the following are valid components of the Fortinet Server Authentication Extensions (FSAE)? (Select all that apply.)
A. Domain Local Security Agent.
B. Collector Agent.
C. Active Directory Agent.
D. User Authentication Agent.
E. Domain Controller Agent.
Answer: B,E
Q13. - (Topic 3)
A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit?
A. Any other matched DLP rules will be ignored with the exception of Archiving.
B. Future files whose characteristics match this file will bypass DLP scanning.
C. The traffic matching the DLP rule will bypass antivirus scanning.
D. The client IP address will be added to a white list.
Answer: A
Q14. - (Topic 3)
A FortiClient fails to establish a VPN tunnel with a FortiGate unit.
The following information is displayed in the FortiGate unit logs:
msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)"
msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)"
msg="Initiator: sent 192.168.11.101 quick mode message #1 (OK)"
msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa"
msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)"
msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5"
msg="Failed to acquire an IP address
Which of the following statements is a possible cause for the failure to establish the VPN tunnel?
A. An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.
B. There is no IPSec firewall policy configured for the policy-based VPN.
C. There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.
D. The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.
Answer: A
Q15. - (Topic 1)
Which of the following statements describes the method of creating a policy to block access to an FTP site?
A. Enable Web Filter URL blocking and add the URL of the FTP site to the URL Block list.
B. Create a firewall policy with destination address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny.
C. Create a firewall policy with a protection profile containing the Block FTP option enabled.
D. None of the above.
Answer: B