Fortinet NSE8 - Fortinet Network Security Expert 8 Written Exam

Page:    1 / 13   
Total 65 questions

Your colleague has enabled virtual clustering to load balance traffic between the cluster units. You notice that all traffic is currently directed to a single FortiGate unit. Your colleague has applied the configuration shown in the exhibit.


Which step would you perform to load balance traffic within the virtual cluster?

  • A. Issue the diagnose sys ha reset-uptime command on the unit that is currently processing traffic to enable load balancing.
  • B. Add an additional virtual cluster high-availability link to enable cluster load balancing.
  • C. Input Virtual Cluster domain 1 and Virtual Cluster domain 2 device priorities for each cluster unit.
  • D. Use the set override enable command on both units to allow the secondary unit to load balance traffic.


Answer : C

A customer has the following requirements:
- local peer with two Internet links
- remote peer with one Internet link
- secure traffic between the two peers
- granular control with Accept policies
Which solution provides security and redundancy for traffic between the two peers?

  • A. a fully redundant VPN with interface mode configuration
  • B. a partially redundant VPN with interface mode configuration
  • C. a partially redundant VPN with tunnel mode configuration
  • D. a fully redundant VPN with tunnel mode configuration


Answer : B

The FortiGate is an IPsec VPN hub. A VPN spoke protecting subnet 192.168.222.0/24 has successfully brought up a tunnel with the FortiGate. This remote network is present in the FortiGate routing table as shown in the exhibit.


Which statement is true?

  • A. This subnet was learned during quick-mode negotiation and was dynamically injected into the routing table.
  • B. The FortiGate administrator configured this subnet as a locally connected subnet on the BranchOffice phase1 interface.
  • C. The route in the exhibit is bound to “BranchOffice_0” which is a tunnel other than “BranchOffice”.
  • D. The FortiGate administrator configured a static route for 192.168.222.0/24.


Answer : B


A customer wants to secure the network shown in the exhibit with a full redundancy design.
Which security design would you use?

  • A. Place a FortiGate FGCP Cluster between DD and AA, then connect it to SW1, SW2, SW3, and SW4.
  • B. Place a FortiGate FGCP Cluster between BB and CC, then connect it to SW1, SW2, SW3, and SW4.
  • C. Place a FortiGate FGCP Cluster between BB and AA, then connect it to SW1, SW2, SW3, and SW4.
  • D. Place a FortiGate FGCP Cluster between DD and FF, then connect it to SW1, SW2, SW3, and SW4.


Answer : A

You have received an issue report about users not being able to use a video conferencing application. This application uses two UDP ports and two TCP ports to communicate with servers on the Internet. The network engineering team has confirmed there is no routing problem. You are given a copy of the FortiGate configuration.
Which three configuration objects will you inspect to ensure that no policy is blocking this traffic? (Choose three.)

  • A. config firewall interface-policy
  • B. config firewall DoS-policy
  • C. config firewall policy
  • D. config firewall multicast-policy
  • E. config firewall sniffer-policy


Answer : B,C,E
