更多"[单选题]Refer to the exhibit.A network"的相关试题:
[多选题]
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The
Administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit which two configuration changes will bring phase 1 up? (Choose two.)
A. On HQ-FortiGate set IKE mode to Main (ID protection).
B. On both FortiGate devices set Dead Peer Detection to On Demand.
C. On HQ-FortiGate disable Diffie-Helman group 2.
D. On Remote-FortiGate set port2 as Interface.
[单选题]
An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?
A. VLAN interface
B. Software Switch interface
C. Aggregate interface
D. Redundant interface
[单选题]
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic in addition the remote peer does not support a dynamic DNS update service. What type of remote gateway should tie administrator configure on FortiGate for the new IPsec VPN tunnel to work?
A. Static IP Address
B. Dialup User
C. Dynamic DNS
D. Pre-shared Key
[单选题]
A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites the browser reports certificate warning errors. When visiting HTTP websites the browser does not report errors.
What is the reason for the certificate warning errors?
A. The browser requires a software update.
B. FortiGate does not support full SSL inspection when web filtering is enabled.
C. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.
D. There are network connectivity issues.
[单选题]
Refer to the exhibit.
Which contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?
A. The first packet sent from Student failed the RPF check.
This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
B. The first reply packet for Student failed the RPF check.
This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
C. The first reply packet for Student failed the RPF check.
This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.
D. The first packet sent from Student failed the RPF check.
This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.
[单选题]
Refer to the exhibit.
In the network shown in the exhibit the web client cannot connect to the HTTP web server. The
Administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit. What should the administrator do next to troubleshoot the problem?
A. Run a sniffer on the web server.
B. Capture the traffic using an external sniffer connected to port1.
C. Execute another sniffer in the FortiGate this time with the filter "host 10.0.1.10"
D. Execute a debug flow.
[多选题]
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two)
A. Configure a high distance on the static route for the primary tunnel and a lower distance on the static route for the secondary tunnel.
B. Enable Dead Peer Detection.
C. Configure a lower distance on the static route for the primary tunnel and a higher distance on the static route for the secondary tunnel.
D. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
[多选题]
Refer to the FortiGuard connection debug output.
Based on the output shown in the exhibit which two statements are correct? (Choose two.)
A. A local FortiManager is one of the servers FortiGate communicates with.
B. One server was contacted to retrieve the contract information.
C. There is at least one server that lost packets consecutively.
D. FortiGate is using default FortiGuard communication settings.
[单选题]
Refer to the exhibit which contains a static route configuration.
An administrator created a static route for Amazon Web Services.
What CLI command must the administrator use to view the route?
A. get router info routing-table all
B. get internet service route list
C. get router info routing-table database
D. diagnose firewall proute list
[单选题]
Refer to the exhibit which contains a session diagnostic output.
Which statement is true about the session diagnostic output?
A. The session is a UDP unidirectional state.
B. The session is in TCP ESTABLISHED state.
C. The session is a bidirectional UDP connection.
D. The session is a bidirectional TCP connection.
[单选题]
Refer to the exhibit to view the application control profile.
Users who use Apple FaceTime video conferences are unable to set up meetings.
In this scenario which statement is true?
A. Apple FaceTime belongs to the custom monitored filter.
B. The category of Apple FaceTime is being monitored.
C. Apple FaceTime belongs to the custom blocked filter.
D. The category of Apple FaceTime is being blocked.
[单选题]
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).
Which statement is correct if a user is unable to receive a block replacement message when
Downloading an infected file for the first time?
A. The firewall policy performs the full content inspection on the file.
B. The flow-based inspection is used which resets the last packet to the user.
C. The volume of traffic being inspected is too high for this model of FortiGate.
D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
[单选题]
Refer to the exhibit to view the firewall policy.
Which statement is correct if well-known viruses are not being blocked?
A. The firewall policy does not apply deep content inspection.
B. The firewall policy must be configured in proxy-based inspection mode.
C. The action on the firewall policy must be set to deny.
D. Web filter should be enabled on the firewall policy to complement the antivirus profile.
[单选题]
Refer to the exhibit.
Which contains a Performance SLA configuration.
An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?
A. Participants configured are not SD-WAN members.
B. There may not be a static route to route the performance SLA traffic.
C. The Ping protocol is not supported for the public servers that are configured.
D. You need to turn on the Enable probe packets switch.
[单选题]
Refer to the exhibit.
According to the certificate values shown in the exhibit which type of entity was the certificate issued to?
A. A user
B. A root CA
C. A bridge CA
D. A subordinate
[单选题]
Refer to the exhibit.
Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?
A. The signature setting uses a custom rating threshold.
B. The signature setting includes a group of other signatures.
C. Traffic matching the signature will be allowed and logged.
D. Traffic matching the signature will be silently dropped and logged.
[单选题]
Refer to the exhibit.
Which contains a session diagnostic output. Which statement is true about the session diagnostic
Output?
A. The session is in SYN_SEXT state.
B. The session is in FIN_ACK state.
C. The session is in FTN_WAIT state.
D. The session is in ESTABLISHED state.
[单选题]
Refer to the exhibits.
The SSL VPN connection fails when a user attempts to connect to it. What should the user do to
Successfully connect to SSL VPN?
A. Change the SSL VPN port on the client.
B. Change the Server IP address.
C. Change the idle-timeout.
D. Change the SSL VPN portal to the tunnel.
