Which statement about FortiGuard services for FortiGate is true?
A. The web filtering database is downloaded locally on FortiGate.
B. Antivirus signatures are downloaded locally on FortiGate.
C. FortiGate downloads IPS updates using UDP port 53 or 8888.
D. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.
What FortiGate components are tested during the hardware test? (Choose three.)
A. Administrative access
B. HA heartbeat
C. CPU
D. Hard disk
E. Network interfaces
Which one of the following processes is involved in updating IPS from FortiGuard?
A. FortiGate IPS update requests are sent using UDP port 443.
B. Protocol decoder update requests are sent to service.fortiguard.net.
C. IPS signature update requests are sent to update.fortiguard.net.
D. IPS engine updates can only be obtained using push updates.
View the exhibit.
Why is the administrator getting the error shown in the exhibit?
A. The administrator must first enter the command edit global.
B. The administrator admin does not have the privileges required to configure global settings.
C. The global settings cannot be configured from the root VDOM context.
D. The command config system global does not exist in FortiGate.
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
A. remote user's public IP address
B. The public IP address of the FortiGate device.
C. The remote user's virtual IP address.
D. The internal IP address of the FortiGate device.
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?
A. To remove the NAT operation.
B. To generate logs
C. To finish any inspection operations.
D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.
What FortiGate configuration is required to actively prompt users for credentials?
A. You must enable one or more protocols that support active authentication on a firewall policy.
B. You must position the firewall policy for active authentication before a firewall policy for passive authentication
C. You must assign users to a group for active authentication
D. You must enable the Authentication setting on the firewall policy
Examine the following web filtering log.
Which statement about the log message is true?
A. The action for the category Games is set to block.
B. The usage quota for the IP address 10.0.1.10 has expired
C. The name of the applied web filter profile is default.
D. The web site miniclip.com matches a static URL filter whose action is set to Warning.
Which statement about the IP authentication header (AH) used by IPsec is true?
A. AH does not provide any data integrity or encryption.
B. AH does not support perfect forward secrecy.
C. AH provides data integrity bur no encryption.
D. AH provides strong data integrity but weak encryption.
Examine the network diagram shown in the exhibit, and then answer the following question:
A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ensure both port1 and port3 links are used at the same time for all traffic destined for 172.20.2.0/24. Which of the following static routes will satisfy this requirement on FGT1? (Choose two.)
A. 172.20.2.0/24 (1/0) via 10.10.1.2, port1 [0/0]
B. 172.20.2.0/24 (25/0) via 10.30.3.2, port3 [5/0]
C. 172.20.2.0/24 (25/0) via 10.10.1.2, port1 [5/0]
D. 172.20.2.0/24 (1/150) via 10.30.3.2, port3 [10/0]
