01. An administrator needs to create a tunnel mode SSL-VPN to access an internal web server from the internet. The web server is connected to port1. The internet is connected to port2. Both interfaces belong to the VDOM named Corporation.
What interface must the administrator use as the source for the firewall policy that will allow this traffic?
a) port2
b) ssl.root
c) ssl.Corporation
d) port1
02. Which two IP pool types are useful for carrier-grade NAT deployments?
(Choose two.)
a) Port block allocation
b) Overload
c) Fixed port range
d) One-to-one
03. Refer to the exhibit.
Which two statements are true about the routing entries in this database table?
(Choose two.)
a) The port3 default route is an inactive route.
b) The default route on port2 is the preferred route.
c) Both default routes have different administrative distances.
d) All of the entries in the routing database table are installed in the FortiGate routing table.
04. Which two settings must you configure when FortiGate is being deployed as a root FortiGate in a Security Fabric topology?
(Choose two.)
a) FortiManager IP address
b) Fabric name
c) FortiAnalyzer IP address
d) Pre-authorize downstream FortiGate devices
05. Refer to the exhibits.
You have implemented the application sensor and the corresponding firewall policy as shown in the exhibits. You cannot access any of the Google applications, but you are able to access www.fortinet.com.
What would you do to resolve this issue?
a) Move up Google in the Application and Filter Overrides section to set its priority to 1.
b) Change Inspection mode to Flow-based.
c) Set SSL inspection to certificate-inspection.
d) Add *Google*.com to the URL category in the security profile.
06. An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to the SSL-VPN.
How can this be achieved?
a) Disabling split tunneling
b) Configuring web bookmarks
c) Assigning public IP addresses to SSL-VPN users
d) Using web-only mode
07. Which statement is correct regarding the Security Fabric?
a) FortiManager is one of the required member devices.
b) FortiClient Cloud can be used for logging purposes.
c) You must have three FortiGate devices to establish the Security Fabric.
d) FortiGate devices must be operating in NAT mode.
08. You have hired contractors for your company, created user accounts for them, and added them to the contractors group. The contractors receive a certificate warning error when they attempt to access the FortiGate GUI. Employees can access the portal without any errors.
Which changes must you make to allow the contractors to access the FortiGate GUI?
(Choose two.)
a) Install the company CA certificate on FortiGate.
b) Import the Fortinet_CA_SSL certificate on the contractor's browser.
c) Disable full SSL inspection on FortiGate to prevent warning errors.
d) Create a local-in firewall policy and add contractors as a source group.
09. FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt.
What is the most likely reason for this situation?
a) The user is using a super admin account.
b) No matching user account exists for this user.
c) The user is using a guest account profile.
d) The user was authenticated using passive authentication.
10. Refer to the exhibit.
Which route will be selected when trying to reach 10.20.30.254?
a) 10.30.20.0/24 [10/0] via 172.20.121.2, port1, [1/0]
b) 10.20.30.0/26 [10/0] via 172.20.168.254, port2, [1/0]
c) 10.20.30.0/24 [10/0] via 172.20.167.254, port3, [1/0]
d) 0.0.0.0/0 [10/0] via 172.20.121.2, port1, [1/0]