NSE8_811 Online Practice Questions and Answers

Questions 4

Consider the following FortiGate configuration: Which command-line option for deep inspection SSL would have the FortiGate re-sign all untrusted self-signed certificates with the trusted Fortinet_CA_SSL certificate?

A. block

B. inspect

C. allow

D. ignore

Questions 5

You are administering the FortiGate 5000 and FortiGate 7000 series products. You want to access the HTTPS GUI of the blade located in logical slot 3 of the secondary chassis in a high-availability cluster.

Which URL will accomplish this task?

A. https://192.168.1.99:44322

B. https://192.168.1.99:44323

C. https://192.168.1.99:44313

D. https://192.168.1.99:44302

Questions 6

A customer is looking for a way to remove JavaScript, macros, and hyperlinks from documents traversing the network without affecting the integrity of the content. You propose to use the content disarm and reconstruction (CDR) feature of the FortiGate.

Which two considerations are valid to implement CDR in this scenario? (Choose two.)

A. The inspection mode of the FortiGate is not relevant for CDR to operate.

B. CDR is supported on HTTPS, SMTPS, and IMAPS if deep inspection is enabled.

C. CDR can only be performed on Microsoft Office Document and PDF files.

D. Files processed by CDR can have the original copy quarantined on the FortiGate.

Questions 7

Refer to the exhibit.

You need to apply the security features listed below to the network shown in the exhibit.

High grade DDoS protection

Web security and load balancing for Server 1 and Server 2

Solution must be PCI DSS compliant

Enhanced security to DNS 1 and DNS 2

What are three solutions for this scenario? (Choose three.)

A. FortiDDoS between FG1 and FG2 and the Internet

B. FortiADC for VDOM-A

C. FortiWeb for VDOM-A

D. FortiADC for VDOM-B

E. FortiDDoS between FG1 and FG2 and VDOMs

Questions 8

Refer to the exhibit.

You have two data centers with a FortiGate 7000-series chassis connected by VPN. All traffic flows over an established generic routing encapsulation (GRE) tunnel between them. You are troubleshooting traffic that is traversing between Server VLAN A and Server VLAN B. The performance is lower than expected, and you notice that all traffic is going only through the FPM in slot 3 while nothing goes through the FPM in slot 4.

Referring to the exhibit, which statement is true?

A. Removing traffic shaping from the firewall policy allowing this traffic will allow for load-balancing to the other module.

B. Changing the algorithm to take source IP, destination IP and port into account will load balance this traffic to the other module.

C. There is no way to load-balance the traffic in this scenario.

D. Configuring a load-balance flow-rule in the CLI will load-balance this traffic.

Questions 9

Refer to the exhibit.

A customer is using dynamic routing to exchange the default route between two FortiGate devices using OSPFv2. The output of the get router info ospf neighbor command shows that the neighbor is up, but the default route does not appear in the routing neighbor shown below.

According to the exhibit, what is causing the problem?

A. FG2 is within the wrong OSPF area.

B. OSPF requires the redistribution of connected networks.

C. There is an OSPF interface network-type mismatch.

D. A prefix for the default route is missing.

Questions 10

Refer to the exhibit.

The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device. Which two statements are true about the traffic matching being inspected by this SPP? (Choose two.)

A. Traffic that does not match any SPP policy will be inspected by this SPP.

B. FortiDDoS will not send a SYN/ACK if a SYN packet is coming from an IP address that is not in the legitimate IP (LIP) address table.

C. FortiDDoS will start dropping packets as soon as the traffic exceeds the configured minimum threshold.

D. SYN packets with payloads will be dropped.

Questions 11

Refer to the exhibit.

Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for IPsec VPN users. Once a user is connected and authenticated to the VPN in FortiGate-A, the user does not need to authenticate again in FortiGate-B to reach the server.

Referring to the exhibit, which two actions satisfy this requirement? (Choose two.)

A. Use Kerberos authentication.

B. Use the Collector Agent.

C. Use FortiAuthenticator.

D. FortiGate-A must generate a RADIUS accounting packet.

Questions 12

Refer to the exhibit.

An organization has a FortiGate cluster that is connected to two independent ISPs. You must configure the FortiGate failover for a single ISP failure to occur without disruption.

Referring to the exhibit, which two FortiGate BGP features are enabled to accomplish this task? (Choose two.)

A. EBGP multipath

B. Graceful restart

C. Synchronization

D. BFD

Questions 13

You have configured an HA cluster with two FortiGate devices. You want to make sure that you are able to manage the individual cluster members directly using port3.

Referring to the configuration shown, in which two ways can you accomplish this task? (Choose two.)

A. Create a management VDOM and disable the HA synchronization for this VDOM, assign port3 to this VDOM, then configure specific IPs for port3 on both cluster members.

B. Configure port3 to be a dedicated HA management interface; then configure specific IPs for port3 on both cluster members.

C. Allow administrative access in the HA heartbeat interfaces.

D. Disable the sync feature on port3; then configure specific IPs for port3 on both cluster members.

Exam Code: NSE8_811
Exam Name: Fortinet NSE 8 Written Exam (NSE8_811)
Last Update: May 07, 2024
Questions: 60 Q&As