Professional Documents
Culture Documents
Question 1
What is the limitation of using a URL list and application control on the same firewall policy, in
NGFW policy-based mode?
A. It limits the scanning of application traffic to the browser-based technology category only.
B. It limits the scanning of application traffic to the DNS protocol only.
C. It limits the scanning of application traffic to use parent signatures only.
D. It limits the scanning of application traffic to the application category only.
Correct Answer: A 🗳️
Questão 1
Qual é a limitação de usar uma lista de URLs e controle de aplicativos na mesma política de firewall, no modo
baseado em política NGFW?
A. Limita a verificação do tráfego de aplicativos apenas à categoria de tecnologia baseada em navegador.
B. Limita a verificação do tráfego de aplicativos apenas ao protocolo DNS.
C. Limita a verificação do tráfego do aplicativo para usar apenas as assinaturas dos pais.
D. Limita a verificação do tráfego de aplicativos apenas à categoria do aplicativo.
Question 2
Refer to the exhibits.
The exhibits show the firewall policies and the objects used in the firewall policies.
The administrator is using the Policy Lookup feature and has entered the search criteria
shown in the exhibit.
Questão 2
Consulte as exposições.
As exibições mostram as políticas de firewall e os objetos usados nas políticas de firewall.
O administrador está usando o recurso de pesquisa de política e inseriu os critérios de pesquisa mostrados na
exposição.
Qual política será destacada, com base nos critérios de entrada?
Which policy will be highlighted, based on the input criteria?
A. Policy with ID 4.
B. Policy with ID 5. Most Voted
C. Policies with ID 2 and 3.
D. Policy with ID 4.
Correct Answer: A 🗳️
Question 3
FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN)
subinterfaces added to the same physical interface.
In this scenario, what are two requirements for the VLAN ID? (Choose two.)
A. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses
in the same subnet.
B. The two VLAN subinterfaces can have the same VLAN ID, only if they belong to different
VDOMs. Most Voted
C. The two VLAN subinterfaces must have different VLAN IDs. Most Voted
D. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses
in different subnets.
Correct Answer: CD 🗳️
Questão 3
O FortiGate está operando no modo NAT e está configurado com duas subinterfaces de LAN virtual (VLAN)
adicionadas à mesma interface física.
Neste cenário, quais são os dois requisitos para o ID da VLAN? (Escolha dois.)
A. As duas subinterfaces de VLAN podem ter o mesmo ID de VLAN, somente se tiverem endereços IP na
mesma sub-rede.
B. As duas subinterfaces de VLAN podem ter o mesmo ID de VLAN, somente se pertencerem a VDOMs
diferentes. mais votado
C. As duas subinterfaces de VLAN devem ter IDs de VLAN diferentes. mais votado
D. As duas subinterfaces de VLAN podem ter o mesmo ID de VLAN, somente se tiverem endereços IP em
diferentes sub-redes.
Question #9
Refer to the exhibit showing a debug flow output.
What two conclusions can you make from the debug flow output? (Choose two.)
A. The debug flow is for ICMP traffic. Most Voted
B. The default route is required to receive a reply.
C. Anew traffic session was created. Most Voted
D. A firewall policy allowed the connection.
Hide Solution Discussion 8
Correct Answer: AC 🗳️
Based on the information shown in the exhibit, what configuration change must the
administrator make to fix the connectivity issue?
A. Configure a loopback interface with address 203.0.113.2/32.
B. In the VIP configuration, enable arp-reply. Most Voted
C. Enable port forwarding on the server to map the external service port to the internal service
port.
D. In the firewall policy configuration, enable match-vip.
Hide Solution Discussion 6
Correct Answer: D 🗳️
Question #17
What are two benefits of flow-based inspection compared to proxy-based inspection?
(Choose two.)
A. FortiGate uses fewer resources. Most Voted
B. FortiGate performs a more exhaustive inspection on traffic.
C. FortiGate adds less latency to traffic. Most Voted
D. FortiGate allocates two sessions per connection.
Hide Solution Discussion 6
Correct Answer: AC 🗳️
Based on the exhibit, which configuration change can the administrator make to allow Twitter
while blocking all other social networking sites?
A. On the FortiGuard Category Based Filter configuration, set Action to Warning for Social
Networking.
B. On the Static URL Filter configuration, set Type to Simple.
C. On the Static URL Filter configuration, set Action to Exempt. Most Voted
D. On the Static URL Filter configuration, set Action to Monitor.
Hide Solution Discussion 6
Correct Answer: C 🗳️
Question #21
Which three criteria can FortiGate use to look for a matching firewall policy to process traffic?
(Choose three.)
A. Services defined in the firewall policy Most Voted
B. Highest to lowest priority defined in the firewall policy
C. Destination defined as Internet Services in the firewall policy Most Voted
D. Lowest to highest policy ID number
E. Source defined as Internet Services in the firewall policy Most Voted
Hide Solution Discussion 8
Correct Answer: ABE 🗳️
Based on the exhibits, which two statements about the traffic passing through the cluster are
true? (Choose two.)
A. For non-load balanced connections, packets forwarded by the cluster to the server contain
the virtual MAC address of port2 as source. Most Voted
B. The traffic sourced from the client and destined to the server is sent to FGT-1.
C. The cluster can load balance ICMP connections to the secondary.
D. For load balanced connections, the primary encapsulates TCP SYN packets before
forwarding them to the secondary. Most Voted
Hide Solution Discussion 9
Correct Answer: AB 🗳️