Fortinet NSE7_EFW-7.0 Exam


Question 51
Which two statements about application-layer test commands are true? (Choose two.)
A. Some of them display real-time application debugs.
B. Some of them can be used to restart an application.
C. Some of them display statistics and configuration information about a feature or process.
D. Some of them only display output after you run the diagnose debug console enable command.

Question 52
What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?
A. The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.
B. The application or URL category is unknown and needs to be rescanned by the IPS engine to try to identify the Layer 7 details.
C. The URL category for this session has been updated by FortiGuard and the session needs to be checked against the policy again to ensure proper web filtering is applied.
D. Traffic has been identified as coming from an application that is not allowed and the relevant replacement message needs to be displayed to the user, if configured.

Question 53
Refer to the exhibit, which shows the output of a BGP debug command.
Which statement explains why the state of the 10.200.3.1 peer is Connect?
Image NSE7_EFW-7.0_53Q.png related to the Fortinet NSE7_EFW-7.0 Exam
A. The local router has a different AS number than the remote peer.
B. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the openConfirm yet.
C. The local router initiated the BGP session to 10.200.3.1 but did not receive a response.
D. The router 10.200.3.1 has authentication configured for BGP and the local router does not.

Question 54
Refer to the exhibit, which contains a CLI script configuration on FortiManager.
An administrator configured the CLI script on FortiManager, but the script failed to apply any changes to the managed device after being executed.
What are two reasons why the script did not make any changes to the managed device? (Choose two.)
Image NSE7_EFW-7.0_54Q.png related to the Fortinet NSE7_EFW-7.0 Exam
A. Static routes can be added using only TCL scripts.
B. The commands that start with the # sign did not run.
C. CLI scripts must start with #!.
D. Incomplete commands can cause CLI scripts to fail.

Question 55
An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?
A. diagnose sniffer packet any 'ah'
B. diagnose sniffer packet any 'ip proto 50'
C. diagnose sniffer packet any 'udp port 4500'
D. diagnose sniffer packet any 'udp port 500'


Question 56
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?
Image NSE7_EFW-7.0_56Q.png related to the Fortinet NSE7_EFW-7.0 Exam
A. auto-discovery-receiver
B. auto-discovery-forwarder
C. auto-discovery-shortcut
D. auto-discovery-sender

Question 57
Refer to the exhibit, which shows the output of get system ha status. NGFW-1 and NGFW-2 have been up for a week.
Which two statements about the output are true? (Choose two.)
Image NSE7_EFW-7.0_57Q.png related to the Fortinet NSE7_EFW-7.0 Exam
A. If FGVM...649 is rebooted, FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.
B. If no action is taken, the primary FortiGate will leave the cluster due to the current sync status.
C. If port7 becomes disconnected on the secondary, both FortiGate devices will elect themselves the primary.
D. If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

Question 58
Which two conditions would prevent a static route from being added to the routing table? (Choose two.)
A. There is another route to the same destination, with a lower distance.
B. The route has a lower priority value than another route to the same destination.
C. The next-hop IP address is unreachable.
D. The interface specified in the route configuration is down.

Question 59
In which two states is a given session categorized as ephemeral? (Choose two.)
A. A TCP session waiting for FIN ACK
B. A UDP session with packets sent and received
C. A UDP session with only one packet received
D. A TCP session waiting for the SYN ACK

Question 60
Which two statements about conserve mode are true? (Choose two.)
A. FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.
B. FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.
C. FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.
D. FortiGate exits conserve mode when the system memory goes below the configured green threshold.