更多"[单选题]An administrator has configure"的相关试题:
[多选题]
An administrator has configured the following settings:
A. Device detection on all interfaces is enforced for 30 minutes.
B. Denied users are blocked for 30 minutes.
C. A session for denied traffic is created.
D. The number of logs generated by denied traffic is reduced.
[单选题]
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
A. The strict RPF check is run on the first sent and reply packet of any new session.
B. Strict RPF checks the best route back to the source using the incoming interface.
C. Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.
D. Strict RPF allows packets back to sources with all active routes.
[单选题]
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?
A. Configure Source IP Pools.
B. Configure split tunneling in tunnel mode.
C. Configure different SSL VPN realms.
D. Configure host check.
[单选题]
An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?
A. A phase 2 configuration is not required.
B. This VPN cannot be used as part of a hub-and-spoke topology.
C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.
D. The IPsec firewall policies must be placed at the top of the list.
[多选题]
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
A. The interface has been configured for one-arm sniffer.
B. The interface is a member of a virtual wire pair.
C. The operation mode is transparent.
D. The interface is a member of a zone.
E. Captive portal is enabled in the interface.
[单选题]
A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites the browser reports certificate warning errors. When visiting HTTP websites the browser does not report errors.
What is the reason for the certificate warning errors?
A. The browser requires a software update.
B. FortiGate does not support full SSL inspection when web filtering is enabled.
C. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.
D. There are network connectivity issues.
[多选题]
By default FortiGate is configured to use HTTPS when performing live web filtering with
FortiGuard servers.Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)
A. set fortiguard anycast disable
B. set protocol udp
C. set webfilter-force-off disable
D. set webfilter-cache disable
[单选题]
If the Services field is configured in a Virtual IP (VIP) which statement is true when central NAT is used?
A. The Services field prevents SNAT and DNAT from being combined in the same policy.
B. The Services field is used when you need to bundle several VIPs into VIP groups.
C. The Services field removes the requirement to create multiple VIPs for different services.
D. The Services field prevents multiple sources of traffic from using multiple services to connect to a single
[多选题]
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)
A. Firewall policy
B. Policy rule
C. Security policy
D. SSL inspection and authentication policy
[多选题]
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)
A. Antivirus scanning
B. File filter
C. DNS filter
D. Intrusion prevention
[单选题]
An administrator Is configuring an IPsec VPN between site A and site B
The Remote Gateway setting in both sites has been configured as Static IP Address. For site Athe local quick mode selector is192.160.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?
A. 192.168.1.0/24
B. 192.168.0.0/24
C. 192.168.2.0/24
D. 192.168.3.0/24
[单选题]
An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?
A. VLAN interface
B. Software Switch interface
C. Aggregate interface
D. Redundant interface
[单选题]
An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway
Setting in both sites has been configured as Static IP Address. For site A the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24.
How must the administrator configure the local quick mode selector for site B?
A. 192.168.3.0/24
B. 192.168.2.0/24
C. 192.168.1.0/24
D. 192.168.0.0/8
[单选题]
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic in addition the remote peer does not support a dynamic DNS update service. What type of remote gateway should tie administrator configure on FortiGate for the new IPsec VPN tunnel to work?
A. Static IP Address
B. Dialup User
C. Dynamic DNS
D. Pre-shared Key
[单选题]
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must an administrator do to achieve this objective?
A. The administrator can register the same FortiToken on more than one FortiGate.
B. The administrator must use the user self-registration server.
C. The administrator can use a third-party radius OTP server.
D. The administrator must use a FortiAuthenticator device.
[单选题]
Refer to the exhibit.A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. Theadministrator has determined that phase 1 status is up. but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit what configuration change will bring phase 2 up?
A. On HQ-FortiGate enable Auto-negotiate.
B. On Remote-FortiGate set Seconds to 43200.
C. On HQ-FortiGate enable Diffie-Hellman Group 2.
D. On HQ-FortiGate set Encryption to AES256.
[多选题]
An administrator is running the following sniffer command:
Which three pieces of Information will be Included in me sniffer output? {Choose three.)
A. Interface name
B. Packet payload
C. Ethernet header
D. IP header
E. Application header
[单选题]
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
A. Add the support of NTLM authentication.
B. Add user accounts to Active Directory (AD).
C. Add user accounts to the FortiGate group fitter.
D. Add user accounts to the Ignore User List.
