Win IT Exam with Last Dumps 2024

A customer wants to use the FortiAuthenticator REST API to retrieve an SSO group called SalesGroup. The following API call is being made with the ‘curl’ utility:
Which two statements correctly describe the expected behavior of the FortiAuthenticator REST API? (Choose two.)

A. Only users with the “Full permission” role can access the REST API

B. This API call will fail because it requires that API version 2

C. If the REST API web service access key is lost, it cannot be retrieved and must be changed.

D. The syntax is incorrect because the API calls needs the get method

Refer to the exhibit.
A customer has deployed a FortiGate 200F high-availability (HA) cluster that contains a TPM chip. The exhibit shows output from the FortiGate CLI session where the administrator enabled TPM.
Following these actions, the administrator immediately notices that both FortiGate high availability (HA) status and FortiManager status for the FortiGate are negatively impacted.
What are the two reasons for this behavior? (Choose two.)

A. The private-data-encryption key entered on the primary did not match the value that the TPM expected.

B. Configuration for TPM is not synchronized between FortiGate HA cluster members.

C. The FortiGate has not finished the auto-update process to synchronize the new configuration to FortiManager yet.

D. TPM functionality is not yet compatible with FortiGate HA.

E. The administrator needs to manually enter the hex private data encryption key in FortiManager.

Refer to the exhibits.
Dictionary -Recipient -Topology -The exhibits show a FortiMail network topology, Inbound configuration settings, and a Dictionary Profile.
You are required to integrate a third-party’s host service (srv.thirdparty.com) into the e-mail processing path.
All inbound e-mails must be processed by FortiMail antispam and antivirus with FortiSandbox integration. If the email is clean, FortiMail must forward it to the third-party service, which will send the email back to FortiMail for final delivery. FortiMail must not scan the e-mail again.
Which three configuration tasks must be performed to meet these requirements? (Choose three.)

A. Change the scan order in FML-GW to antispam-sandbox-content

B. Apply the Catch-All profile to the CF_Inbound profile and configure a content action profile to deliver to the srv.thirdparty.com FQDN

C. Create an access receive rule with a Sender value of srv.thirdparty.com, Recipient value of *@acme.com, and action value of Safe

D. Apply the Catch-All profile to the AS_Inbound profile and configure an access delivery rule to deliver to the 100.64.0.72 host

E. Create an IP policy with a Source value of 100.64.0.72/32, enable precedence, and place the policy at the top of the list

Refer to the exhibit showing a FortiSOAR playbook.
You are investigating a suspicious e-mail alert on FortiSOAR, and after reviewing the executed playbook, you can see that it requires intervention.
What should be your next step?

A. Go to the Incident Response tasks dashboard and run the pending actions

B. Click on the notification icon on FortiSOAR GUI and run the pending input action

C. Run the Mark Drive by Download playbook action

D. Reply to the e-mail with the requested Playbook action

Review the following FortiGate-6000 configuration excerpt:
Based on the configuration, which statement is correct regarding SNAT source port partitioning behavior?

A. It dynamically distributes SNAT source ports to operating FPCs or FPMs.

B. It is the default SNAT configuration and preserves active sessions when an FPC or FPM goes down.

C. It statically distributes SNAT source ports to operating FPCs or FPMs.

D. It equally distributes SNAT source ports across chassis slots.

Refer to the exhibit.
You have been tasked with replacing the managed switch FortiSwitch 2 shown in the topology.
Which two actions are correct regarding the replacement process? (Choose two.)

A. After replacing the FortiSwitch unit, the automatically created trunk name does not change.

B. MCLAG-ICL needs to be manually reconfigured once the new switch is connected to the FortiGate.

C. After replacing the FortiSwitch unit, the automatically created trunk name changes.

D. MCLAG-ICL will be automatically reconfigured once the new switch is connected to the FortiGate.

A customer with a FortiDDoS 200F protecting their fibre optic internet connection from incoming traffic sees that all the traffic was dropped by the device even though they were not under a DoS attack. The traffic flow was restored after it was rebooted using the GUI.
Which two options will prevent this situation in the future? (Choose two.)

A. Change the Adaptive Mode.

B. Create an HA setup with a second FortiDDoS 200F.

C. Move the internet connection from the SFP interfaces to the LC interfaces.

D. Replace with a FortiDDoS 1500F.

Refer to the exhibit.
The exhibit shows two error messages from a FortiGate root Security Fabric device when you try to configure a new connection to a FortiClient EMS Server.
Referring to the exhibit, which two actions will fix these errors? (Choose two.)

A. Verify that the CRL is accessible from the root FortiGate.

B. Export and import the FortiClient EMS server certificate to the root FortiGate.

C. Install a new known CA on the Win2K16-EMS server.

D. Authorize the root FortiGate on the FortiClient EMS.

An administrator has configured a FortiGate device to authenticate SSL VPN users using dogotal certificates. A FortiAuthenticator is the certificate authority (CA) and the Online Certificate Status Protocol (OCSP) server.
Part of the FortiGate configuration is shown below:
Based on this configuration, which two statements are true? (Choose two.)

A. OCSP checks will always go to the configured FortiAuthenticator

B. The OCSP check of the certificate can be combined with a certificate revocation list

C. OCSP certificate responses are never cached by the FortiGate

D. If the OCSP server is unreachable, authentication will succeed if the certificate matches the CA

Refer to the exhibit.
To facilitate a large-scale deployment of SD-WAN/ADVPN with FortiGate devices, you are tasked with configuring the FortiGate devices to support injecting of IKE routes on the ADVPN shortcut tunnels.
Which three commands must be added or changed to the FortiGate spoke config vpn ipsec phase1-interface options referenced in the exhibit for the VPN interface to enable this capability? (Choose three.)

A. set net-device disable

B. set mode-cfg enable

C. set ike-version 1

D. set add-route enable

E. set mode-cfg-allow-client-selector enable