24/3/2021 FortiGate Essentials - Quiz #1: Attempt review

 FortiGate Essentials 6.4 Self-Paced

Started on Wednesday, March 24, 2021, 3:12 PM

State Finished
Completed on Wednesday, March 24, 2021, 3:47 PM
Time taken 34 mins 53 secs
Points 10/15
Grade 67 out of 100

Question 1 An administrator needs to create a tunnel mode SSL-VPN to access an internal web server from the Internet. The web server is
Incorrect connected to port1. The Internet is connected to port2. Both interfaces belong to the VDOM named Corporation.
0 points out of 1  
Which interface must be used as the source for the firewall policy that will allow this traffic?

Select one:
port2  Incorrect. Review the Configuring SSL-VPN section in the SSL-VPN lesson.

ssl.root

ssl.Corporation

port1

Question 2 A FortiGate is configured for Firewall Authentication. When attempting to access an external website, the user is not presented with a
Correct login prompt.
1 points out of 1  
What is the most likely reason for this situation?

Select one:
The user is using a guest account profile.

The user is using a super admin account.

The user was authenticated using passive authentication. 

No matching user account exists for this user.

Question 3 An administrator needs to configure two static default routes pointing to two ISPs. The administrator wants to have both static
Incorrect routes active in the routing table.
0 points out of 1  
Which configuration setting must match in both routes to achieve this?

Select one:
Priority

Metric

Distance

Outgoing interface  Incorrect. Review the Routing Monitor and Route Attributes section in the Routing lesson.

Question 4 Which three methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose
Correct three.)
1 points out of 1
Select one or more:
SMS text message 

FortiToken 

Email 

Instant message app

Voicemail message
https://training.fortinet.com/mod/quiz/review.php?attempt=6689524&cmid=76207 1/4
24/3/2021 FortiGate Essentials - Quiz #1: Attempt review

Question 5 Which two statements about blocking known Botnet Command and Control domains are true? (Choose two.)
Correct

1 points out of 1 Select one or more:

DNS lookups are checked against the Botnet Command and Control database. 

The Botnet Command and Control domains can be enabled in the Web Filter profile.

You must manually download the Botnet Command and Control database and import it into FortiGate.

This service requires a FortiGuard web filter and IPS license. 

Question 6 Which security processing unit (SPU) is optimized for entry-level FortiGate models?
Incorrect

0 points out of 1 Select one:

Network processor

System-on-a-chip processor

Content processor

Security processor  Incorrect. Review the High-Level Features section in the Introduction and Initial Configuration lesson.

Question 7 Which two statements about incoming and outgoing interfaces in firewall policies are true? (Choose two.)
Correct

1 points out of 1 Select one or more:

An incoming interface is mandatory in a firewall policy, but an outgoing interface is optional.

Only the any interface can be chosen as an incoming interface.

Multiple interfaces can be selected as incoming and outgoing interfaces. 

A zone can be chosen as the outgoing interface. 

Question 8 Which three actions are valid for static URL filtering? (Choose three.)
Correct

1 points out of 1 Select one or more:

Exempt 

Block 

Allow 

Shape

Warning

Question 9 What is the purpose of the Policy Lookup feature?

Correct

1 points out of 1 Select one:

It searches the matching policy based on input criteria. 

It creates a new firewall policy based on input criteria.

It finds duplicate objects in firewall policies.

It creates packet flow over FortiGate by sending real-time traffic.

Question 10 Which two modes are FortiGate operation modes? (Choose two.)
Correct

1 points out of 1 Select one or more:

Database

NAT 

Transparent 
https://training.fortinet.com/mod/quiz/review.php?attempt=6689524&cmid=76207 2/4
24/3/2021
p FortiGate Essentials - Quiz #1: Attempt review

Bridge

Question 11 Which NAT mode is supported by a VDOM configured as NGFW Policy-based mode?
Correct

1 points out of 1 Select one:

IP pool

IP range

Central SNAT 

Firewall NAT

Question 12 Which inspection mode allows administrators to select the network applications from the firewall policy configuration?
Correct

1 points out of 1 Select one:

Proxy

Scanning

NGFW Policy-based 

Certificate-based

Question 13 Which protocol can be used to dynamically assign an IP address to a physical interface?
Incorrect

0 points out of 1 Select one:

BOOTP

PPPoE

ICMP

IP Config  Incorrect. Review the Basic Administration section in the Introduction and Initial Configuration lesson.

Question 14 What information can the client integrity check collect about applications running in SSL-VPN clients? (Choose two.)
Incorrect

0 points out of 1 Select one or more:

Application-specific settings

Signature updates 

Current software version

Use name  Incorrect. Review the Hardening SSL-VPN Access section in the SSL-VPN lesson.

Question 15 Examine the exhibit showing a routing table.

Correct

1 points out of 1

Which route will be selected when trying to reach 10.20.30.254?

Select one:
10.20.30.0/26 [10/0] via 172.20.168.254, port2

10.20.30.0/24 [10/0] via 172.20.167.254, port3 

10.30.20.0/24 [10/0] via 172.20.121.2, port1

0.0.0.0/0 [10/0] via 172.20.121.2, port1

https://training.fortinet.com/mod/quiz/review.php?attempt=6689524&cmid=76207 3/4
24/3/2021 FortiGate Essentials - Quiz #1: Attempt review

https://training.fortinet.com/mod/quiz/review.php?attempt=6689524&cmid=76207 4/4