Page: 1
/ 4
Total 57 questions
You want to have faster detection for OSPF.
Which parameter should you enable on both connected FortiGate devices?
- A. distribute-list-in
- B. rfc1583-compatible
- C. restart-on-topology-change
- D. bfd
Answer : D
Refer to the exhibit, which provides information on BGP neighbors.
What can you conclude from this command output?
- A. You must change the AS number to match the remote peer.
- B. BGP is attempting to establish a TCP connection with the BGP peer.
- C. The bfd configuration is set to enable.
- D. The routers are in the same area ID of 0.0.0.0.
Answer : B
Which two statements about ADVPN are true? (Choose two.)
- A. The hub adds routes based on IKE negotiations.
- B. You must configure phase 2 quick mode selectors to 0.0.0.0 0.0.0.0.
- C. All FortiGate devices must be in the same autonomous system (AS).
- D. You must disable add-route in the hub.
Answer : AB
Which statement about network processor (NP) offloading is true?
- A. The NP checks the session key or IPSec SA.
- B. The NP provides IPS signature matching.
- C. You can disable the NP for each firewall policy using the command np-acceleration set to loose.
- D. For TCP traffic, FortiGate CPU offloads the first packets of SYN/ACK and ACK of the three-way handshake to NP.
Answer : A
Refer to the exhibit, which shows an error in system fortiguard configuration.
What is the reason you cannot set the protocol to udp in config system fortiguard?
- A. udp is not a protocol option.
- B. fortiguard-anycast is set to enable.
- C. You do not have the corresponding write access.
- D. FortiManager provides FortiGuard.
Answer : B
Refer to the exhibit, which contains an active-active load balancing scenario.
During the traffic flow, the primary FortiGate forwards the SYN packet to the secondary FortiGate.
What is the destination MAC address or addresses when packets are forwarded from the primary FortiGate to the secondary FortiGate?
- A. Secondary virtual MAC port1 then physical MAC port1
- B. Secondary virtual MAC port1
- C. Secondary physical MAC port1
- D. Secondary physical MAC port1 then virtual MAC port2
Answer : C
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
- A. route-reflector-peer enable
- B. route-reflector-server enable
- C. route-reflector-client enable
- D. route-reflector enable
Answer : C
In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two.)
- A. It can be configured as an update server, a rating server, or both.
- B. It caches available firmware updates for unmanaged devices.
- C. It supports rating requests from non-FortiGate devices.
- D. It provides VM license validation services.
Answer : AD
Refer to the exhibit, which shows a partial web filter profile configuration.
What can you conclude from this configuration about access to www.facebook.com, which is categorized as Social Networking?
- A. The access is blocked, based on the URL Filter configuration.
- B. The access is blocked, based on the Content Filter configuration.
- C. The access is allowed, based on the FortiGuard Category Based Filter configuration.
- D. The access is blocked if the local or the public FortiGuard server does not reply.
Answer : A
Refer to the exhibit, which shows an ADVPN network.
The client behind Spoke-1 generates traffic to the device located behind Spoke-2.
Which first message does the hub send to Spoke-1 to bring up the dynamic tunnel?
- A. Shortcut forward
- B. Shortcut reply
- C. Shortcut query
- D. Shortcut offer
Answer : C
Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)
- A. OSPF interface network types match.
- B. OSPF interface priority settings are unique.
- C. OSPF router IDs are unique.
- D. OSPF link costs match.
- E. Authentication settings match.
Answer : ACE
Refer to the exhibit, which shows a partial routing table.
What two conclusions can you draw from the corresponding FortiGate configuration? (Choose two.)
- A. OSPF is configured to run over IPSec.
- B. net-device is enabled in the tunnel IPSec phase 1 configuration.
- C. IPSec tunnel aggregation is configured.
- D. add-route is disabled in the tunnel IPSec phase 1 configuration.
Answer : AD
Which two statements about bfd are true? (Choose two.)
- A. You must configure it globally only.
- B. You can disable it at the protocol level.
- C. It can support neighbors only over the next hop in BGP.
- D. It works for OSPF and BGP.
Answer : BD
Refer to the exhibit, which contains a partial BGP configuration.
You want to configure a loopback as the BGP source.
Which two parameters must you set in the BGP configuration? (Choose two.)
- A. ebgp-enforce-multihop
- B. recursive-next-hop
- C. ibgp-enforce-multihop
- D. update-source
Answer : AD
30 days access 