Question 71
Refer to the exhibits.
The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?
A. If there is a fall-through policy in place, users will not be prompted for authentication.
B. Authentication is enforced at a policy level; all users will be prompted for authentication.
C. All users will be prompted for authentication, users from the Sales group can authenticate successfully with the correct credentials.
D. All users will be prompted for authentication, users from the HR group can authenticate successfully with the correct credentials.
Question 72
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
A. By default, all interfaces are part of the same broadcast domain.
B. FortiGate forwards frames without changing the MAC address.
C. Static routes are required to allow traffic to the next hop.
D. The existing network IP schema must be changed when installing a transparent mode FortiGate in the network.
Question 73
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must an administrator do to achieve this objective?
A. The administrator must use the user self-registration server.
B. The administrator must use a FortiAuthenticator device.
C. The administrator can register the same FortiToken on more than one FortiGate.
D. The administrator can use a third-party radius OTP server.
Question 74
An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?
A. Aggregate interface
B. VLAN interface
C. Redundant interface
D. Software Switch interface
Question 75
Which two types of traffic are managed only by the management VDOM? (Choose two.)
A. PKI
B. FortiGuard web filter queries
C. DNS
D. Traffic shaping
Question 76
In which two ways can RPF checking be disabled? (Choose two.)
A. Enable anti-replay in firewall policy.
B. Disable the RPF check at the FortiGate interface level for the source check.
C. Disable strict-src-check under system settings.
D. Enable asymmetric routing.
Question 77
Which two statements are true about collector agent advanced mode? (Choose two.)
A. Security profiles can be applied only to user groups, not individual users.
B. FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.
C. Advanced mode supports nested or inherited groups.
D. Advanced mode uses Windows convention - NetBios: Domain\Username.
Question 78
What devices form the core of the security fabric?
A. Two FortiGate devices and one FortiAnalyzer device
B. One FortiGate device and one FortiManager device
C. One FortiGate device and one FortiAnalyzer device
D. Two FortiGate devices and one FortiManager device
Question 79
Refer to the FortiGuard connection debug output.
Based on the output shown in the exhibit, which two statements are correct? (Choose two.)
A. There is at least one server that lost packets consecutively.
B. One server was contacted to retrieve the contract information.
C. A local FortiManager is one of the servers FortiGate communicates with.
D. FortiGate is using default FortiGuard communication settings.
Question 80
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
A. It limits the scanning of application traffic to use parent signatures only.
B. It limits the scanning of application traffic to the browser-based technology category only.
C. It limits the scanning of application traffic to the DNS protocol only.
D. It limits the scanning of application traffic to the application category only.
