

Fortinet NSE7_EFW-7.0 Exam

Viewing Questions 31-40 out of 60 Questions

Question 31
Which two statements about an auxiliary session are true? (Choose two.)
A. With the auxiliary session setting disabled, only auxiliary sessions are offloaded.
B. With the auxiliary session setting enabled, two sessions are created in case of routing change.
C. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
D. With the auxiliary session setting disabled, for each traffic path, FortiGate uses the same auxiliary session.

Question 32
Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels?
A. Set protected network to all
B. Enable AD-VPN in IPsec phase 1
C. Configure IP addresses on IPsec virtual interfaces
D. Disable add-route on hub

Question 33
Refer to the exhibit, which shows the output of a diagnose command.
What can you conclude from the RTT value?
[Exhibit image: NSE7_EFW-7.0_33Q.png]
A. Its value represents the time it takes to receive a response after a rating request is sent to a particular server.
B. Its value is incremented with each packet lost.
C. It determines which FortiGuard server is used for license validation.
D. Its initial value is statically set to 10.

Question 34
Which action will FortiGate take when using the default settings for SSL certificate inspection, where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?
A. FortiGate uses the CN information from the Subject field in the server certificate.
B. FortiGate uses the first entry listed in the SAN field in the server certificate.
C. FortiGate uses the SNI from the user's web browser.
D. FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

Question 35
Refer to the exhibit, which shows the output of a BGP debug command.
What can be concluded about the router in this scenario?
[Exhibit image: NSE7_EFW-7.0_35Q.png]
A. The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the BGP session with the local router.
B. The State/PfxRcd for neighbor 100.64.3.1 will not change until an administrator on the local router adjusts the inbound route filtering so that prefixes received can be added to the RIB.
C. All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.
D. The BGP session with peer 10.127.0.75 is up.


Question 36
How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)
A. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.
B. When run on the Device Database, changes are applied directly to the managed FortiGate device.
C. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
D. When run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device.

Question 37
Which two tasks are automated using the Import Configuration wizard on FortiManager? (Choose two.)
A. Importing firewall address objects from managed devices
B. Importing interface mappings from managed devices
C. Importing static and dynamic route configurations from managed devices
D. Importing devices to FortiManager

Question 38
Which statement about protocol options is true?
A. Protocol options allow administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.
B. Protocol options allow administrators the ability to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.
C. Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.
D. Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

Question 39
An administrator has created a VPN community within VPN Manager on FortiManager. They also added gateways to the VPN community and are now trying to create firewall policies to permit traffic over the tunnel; however, the VPN interfaces are not listed as available options.
What step must the administrator take to resolve this issue?
A. Install the VPN community and gateway configuration to the FortiGate devices, in order for the interfaces to be displayed within Policy & Objects on FortiManager
B. Set up all of the phase 1 settings in the VPN community that they neglected to set up initially. The interfaces will be automatically generated after the administrator configures all of the required settings.
C. Refresh the device status from the Device Manager so that FortiGate will populate the IPsec interfaces.
D. Create interface mappings for the IPsec VPN interfaces, before they can be used in a policy.

Question 40
Refer to the exhibit, which shows the output of a diagnose command.
What can be concluded about the debug output in this scenario?
[Exhibit image: NSE7_EFW-7.0_40Q.png]
A. Servers with a negative TZ value are less preferred for rating requests.
B. There is a natural correlation between the value in the Packets field and the value in the Weight field.
C. FortiGate used 64.26.151.37 as the initial server to validate its contract.
D. The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers was 121.111.236.179.