Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)
Answer : BCE
Refer to the exhibit.
In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?
Answer : A
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)
Answer : ADE
Refer to the exhibits.
Exhibit A.
Exhibit B.
The exhibit shows the configuration for the SD-WAN member, Performance SLA, and SD-WAN Rule, as well as the output of diagnose sys virtual-wan-link health-check.
Which interface will be selected as an outgoing interface?
Answer : C
Which two statements are true about the RPF check? (Choose two.)
Answer : AD
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
Answer : ABD
FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.
In this scenario, which statement about the VLAN IDs is true?
Answer : D
Refer to the exhibit, which contains a session diagnostic output.
Which statement is true about the session diagnostic output?
Answer : B
Refer to the exhibits.
The exhibits contain a network diagram, central SNAT policy, and IP pool configuration.
Exhibit A.
Exhibit B.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
A firewall policy is configured to allow all destinations from LAN (port3) to WAN (port1).
Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?
Answer : A
Which scanning technique on FortiGate can be enabled only on the CLI?
Answer : B
Refer to the exhibits.
Exhibit A.
Exhibit B.
The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?
Answer : B
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
Answer : AB
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must an administrator do to achieve this objective?
Answer : B
An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?
Answer : A