更多"[单选题]Examine the exhibit which cont"的相关试题:
[单选题]
Refer to the exhibit.
Which contains a Performance SLA configuration.
An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?
A. Participants configured are not SD-WAN members.
B. There may not be a static route to route the performance SLA traffic.
C. The Ping protocol is not supported for the public servers that are configured.
D. You need to turn on the Enable probe packets switch.
[单选题]
Refer to the exhibit.
Which contains a session diagnostic output. Which statement is true about the session diagnostic
Output?
A. The session is in SYN_SEXT state.
B. The session is in FIN_ACK state.
C. The session is in FTN_WAIT state.
D. The session is in ESTABLISHED state.
[单选题]
Refer to the exhibit.
Which contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?
A. The first packet sent from Student failed the RPF check.
This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
B. The first reply packet for Student failed the RPF check.
This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
C. The first reply packet for Student failed the RPF check.
This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.
D. The first packet sent from Student failed the RPF check.
This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.
[单选题]
Refer to the exhibit which contains a session diagnostic output.
Which statement is true about the session diagnostic output?
A. The session is a UDP unidirectional state.
B. The session is in TCP ESTABLISHED state.
C. The session is a bidirectional UDP connection.
D. The session is a bidirectional TCP connection.
[单选题]
Refer to the exhibit which contains a static route configuration.
An administrator created a static route for Amazon Web Services.
What CLI command must the administrator use to view the route?
A. get router info routing-table all
B. get internet service route list
C. get router info routing-table database
D. diagnose firewall proute list
[多选题]
View the exhibit.
Which of the following statements are correct? (Choose two.)
A. This setup requires at least two firewall policies with the action set to IPsec.
B. Dead peer detection must be disabled to support this type of IPsec setup.
C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
D. This is a redundant IPsec setup.
[多选题]
View the exhibit:
Which the FortiGate handle web proxy traffic rue? (Choose two.)
A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
B. port-VLAN1 is the native VLAN for the port1 physical interface.
C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.
[单选题]
Refer to the exhibit.
The exhibit contains the configuration for an SD-WAN Performance SLA as well as the output of
Diagnose sys virtual-wan-link health-check.
Which interface will be selected as an outgoing interface?
A. port2
B. port4
C. port3
D. port1
[多选题]
Refer to the exhibit.
The exhibit contains a network diagram firewall policies and a firewall address object configuration. An administrator created a Deny policy with default settings to deny Webserver access for Remote- user2. Remote-user2 is still able to access Webserver.
Which two changes can the administrator make to deny Webserver access for Remote-User2?
(Choose two.)
A. Disable match-vip in the Deny policy.
B. Set the Destination address as Deny_IP in the Allow-access policy.
C. Enable match vip in the Deny policy.
D. Set the Destination address as Web_server in the Deny policy.
[单选题]
Refer to the exhibit.
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
A. The IPS engine was inspecting high volume of traffic.
B. The IPS engine was unable to prevent an intrusion attack.
C. The IPS engine was blocking all traffic.
D. The IPS engine will continue to run in a normal state.
[多选题]
Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)
A. Browsers can be configured to retrieve this PAC file from the FortiGate.
B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.
C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet have to go through altproxy.corp.com: 8060.
D. Any web request fortinet.com is allowed to bypass the proxy.
[单选题]
Examine the following web filtering log.
Which statement about the log message is true?
A. The action for the category Games is set to block.
B. The usage quota for the IP address 10.0.1.10 has expired
C. The name of the applied web filter profile is default.
D. The web site miniclip.com matches a static URL filter whose action is set to Warning.
[单选题]
Examine this FortiGate configuration:
Examine the output of the following debug command:
Based on the diagnostic outputs above how is the FortiGate handling the traffic for new sessions that require inspection?
A. It is allowed but with no inspection
B. It is allowed and inspected as long as the inspection is flow based
C. It is dropped.
D. It is allowed and inspected as long as the only inspection required is antivirus.
[多选题]
Refer to the exhibit.
The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)
A. FortiGate SN FGVM010000065036 HA uptime has been reset.
B. FortiGate devices are not in sync because one device is down.
C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
D. FortiGate SN FGVM010000064692 has the higher HA priority.
[多选题]
Refer to the exhibit.
The exhibit shows proxy policies and proxy addresses the authentication rule and authentication scheme users and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)
A. If a Mozilla Firefox browser is used with User-B credentials the HTTP request will be allowed.
B. If a Google Chrome browser is used with User-B credentials the HTTP request will be allowed.
C. If a Mozilla Firefox browser is used with User-A credentials the HTTP request will be allowed.
D. If a Microsoft Internet Explorer browser is used with User-B credentials the HTTP request will be allowed.