Fortinet NSE4_FGT-7.0 Exam

Viewing Questions 21-30 out of 106 Questions

Question 21
Refer to the exhibit, which contains a session list output.
Based on the information shown in the exhibit, which statement is true?
Image NSE4_FGT-7.0_21Q.png related to the Fortinet NSE4_FGT-7.0 Exam
A. One-to-one NAT IP pool is used in the firewall policy.
B. Destination NAT is disabled in the firewall policy.
C. Port block allocation IP pool is used in the firewall policy.
D. Overload NAT IP pool is used in the firewall policy.

Question 22
Which two statements are correct about SLA targets? (Choose two.)
A. You can configure only two SLA targets per one Performance SLA.
B. SLA targets are optional.
C. SLA targets are required for SD-WAN rules with a Best Quality strategy.
D. SLA targets are used only when referenced by an SD-WAN rule.

Question 23
Refer to the exhibit, which contains a session diagnostic output.
Which statement is true about the session diagnostic output?
Image NSE4_FGT-7.0_23Q.png related to the Fortinet NSE4_FGT-7.0 Exam
A. The session is in SYN_SENT state.
B. The session is in FIN_WAIT state.
C. The session is in ESTABLISHED state.
D. The session is in FIN_ACK state.

Question 24
Which statement is correct regarding the inspection of some of the services made available by web applications embedded in third-party websites?
A. The security actions applied on the web applications will also be explicitly applied on the third-party websites.
B. The application signature database inspects traffic only from the original web application server.
C. FortiGuard maintains only one signature of each web application that is unique.
D. FortiGate can inspect sub-application traffic regardless of where it originated.

Question 25
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
A. Intrusion prevention system engine
B. Detection engine
C. Flow engine
D. Antivirus engine


Question 26
Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
A. To allow for out-of-order packets that could arrive after the FIN/ACK packets
B. To finish any inspection operations
C. To generate logs
D. To remove the NAT operation

Question 27
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
Image NSE4_FGT-7.0_27Q.jpg related to the Fortinet NSE4_FGT-7.0 Exam
A. On HQ-FortiGate, enable Auto-negotiate.
B. On HQ-FortiGate, enable Diffie-Hellman Group 2.
C. On HQ-FortiGate, set Encryption to AES256.
D. On Remote-FortiGate, set Seconds to 43200.

Question 28
Refer to the exhibit.
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
Image NSE4_FGT-7.0_28Q.png related to the Fortinet NSE4_FGT-7.0 Exam
A. The IPS engine will continue to run in a normal state.
B. The IPS engine was unable to prevent an intrusion attack.
C. The IPS engine was blocking all traffic.
D. The IPS engine was inspecting a high volume of traffic.

Question 29
An administrator has configured the following settings:
What are the two results of this configuration? (Choose two.)
Image NSE4_FGT-7.0_29Q.png related to the Fortinet NSE4_FGT-7.0 Exam
A. A session for denied traffic is created.
B. Denied users are blocked for 30 minutes.
C. The number of logs generated by denied traffic is reduced.
D. Device detection on all interfaces is enforced for 30 minutes.

Question 30
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
A. get system performance status
B. get system status
C. get system arp
D. diagnose sys top