更多"[多选题]Which three statements about a"的相关试题:
[多选题]
Which three statements about security associations (SA) in IPsec are correct? (Choose three.)
A. Phase 2 SAs are used for encrypting and decrypting the data exchanged through the tunnel.
B. An SA never expires.
C. A phase 1 SA is bidirectional while a phase 2 SA is directional.
D. Phase 2 SA expiration can be time-based volume-based or both.
E. Both the phase 1 SA and phase 2 SA are bidirectional.
[多选题]
Which two statements are true about collector agent standard access mode? (Choose two.)
A. Standard mode uses Windows convention-NetBios: Domain\Username.
B. Standard mode security profiles apply to organizational units (OU).
C. Standard mode security profiles apply to user groups.
D. Standard access mode supports nested groups.
[多选题]
Which two statements are true about the FGCP protocol? (Choose two.)
A. Not used when FortiGate is in Transparent mode
B. Elects the primary FortiGate device
C. Runs only over the heartbeat links
D. Is used to discover FortiGate devices in different HA groups
[多选题]
Which two statements ate true about the Security Fabric rating? (Choose two.)
A. It provides executive summaries of the four largest areas of security focus.
B. Many of the security issues can be fixed immediately by click ng Apply where available.
C. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
D. The Security Fabric rating is a free service that comes bundled with alt FortiGate devices.
[多选题]
Which two statements are correct about SLA targets? (Choose two.)
A. You can configure only two SLA targets per one Performance SLA.
B. SLA targets are optional.
C. SLA targets are required for SD-WAN rules with a Best Quality strategy.
D. SLA targets are used only when referenced by an SD-WAN rule.
[多选题]
Which two statements are true about the RPF check? (Choose two.)
A. The RPF check is run on the first sent packet of any new session.
B. The RPF check is run on the first reply packet of any new session.
C. The RPF check is run on the first sent and reply packet of any new session.
D. RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.
[多选题]
Which three statements are true regarding session-based authentication? (Choose three.)
A. HTTP sessions are treated as a single user.
B. IP sessions from the same source IP address are treated as a single user.
C. It can differentiate among multiple clients behind the same source IP address.
D. It requires more resources.
E. It is not recommended if multiple users are behind the source NAT
[多选题]Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
A. The firmware image must be manually uploaded to each FortiGate.
B. Only secondary FortiGate devices are rebooted.
C. Uninterruptable upgrade is enabled by default.
D. Traffic load balancing is temporally disabled while upgrading the firmware.
[多选题]
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
A. For a stronger authentication you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password
B. FortiGate supports pre-shared key and signature as authentication methods.
C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
D. A certificate is not required on the remote peer when you set the signature as the authentication method.
[多选题]
Which two statements about antivirus scanning mode are true? (Choose two.)
A. In proxy-based inspection mode files bigger than the buffer size are scanned.
B. In flow-based inspection mode. FortiGate buffers the file but also simultaneously transmits it to the client.
C. In proxy-based inspection mode antivirus scanning buffers the whole file for scanning before sending it to the client.
D. In flow-based inspection mode files bigger than the buffer size are scanned.
[多选题]
Which of the following statements about central NAT are true? (Choose two.)
A. IP tool references must be removed from existing firewall policies before enabling central NAT.
B. Central NAT can be enabled or disabled from the CLI only.
C. Source NAT using central NAT requires at least one central SNAT policy.
D. Destination NAT using central NAT requires a VIP object as the destination address in a firewall.
[多选题]
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
A. Log downloads from the GUI are limited to the current filter view
B. Log backups from the CLI cannot be restored to another FortiGate.
C. Log backups from the CLI can be configured to upload to FTP as a scheduled time
D. Log downloads from the GUI are stored as LZ4 compressed files.
[多选题]
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
A. hard-timeout
B. auth-on-demand
C. soft-timeout
D. new-session
E. Idle-timeout
[多选题]
Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)
A. Web filter in flow-based inspection
B. Antivirus in flow-based inspection
C. DNS filter
D. Web application firewall
E. Application control
[多选题]
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
A. The subject field in the server certificate
B. The serial number in the server certificate
C. The server name indication (SNI) extension in the client hello message
D. The subject alternative name (SAN) field in the server certificate
E. The host field in the HTTP header
[多选题]
Which three methods are used by the collector agent for AD polling? (Choose three.)
A. FortiGate polling
B. NetAPI
C. Novell API
D. WMI
E. WinSecLog
[多选题]
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
A. FortiCache
B. FortiSIEM
C. FortiAnalyzer
D. FortiSandbox
E. FortiCloud
[多选题]
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)
A. diagnose sys top
B. execute ping
C. execute traceroute
D. diagnose sniffer packet any
E. get system arp
[多选题]
Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)
A. Source defined as Internet Services in the firewall policy.
B. Destination defined as Internet Services in the firewall policy.
C. Highest to lowest priority defined in the firewall policy.
D. Services defined in the firewall policy.
E. Lowest to highest policy ID number.
