01. You must automate a weekly backup of all FortiGate devices in an enterprise network. Which two steps must you take to implement this automation?
(Choose two.)
a) Integrate all FortiGate devices in a Security Fabric environment.
b) Create a script to be run in the device database.
c) Create metadata variables for all FortiGate devices.
d) Create an automation stitch.
02. Which two ways will applications be impacted when you adjust the TCP maximum segment size (MSS) on FortiGate?
(Choose two.)
a) The MSS configuration is prone to errors because it requires a thorough understanding of the network path.
b) The overall data throughput is decreased when the MSS value is decreased.
c) The network efficiency improves when there is a decrease in the MSS value.
d) The packet count increases adding unnecessary TCP headers when the MSS value is increased.
03. You must ensure that users cannot access sites containing malware and spyware, while also protecting them from phishing attempts. What is the most resource-efficient method to block access to these sites?
a) Enable antivirus profiles to scan all web traffic and block downloads from these malicious sites.
b) Set up a DNS filter and block domains related to these categories to stop users from reaching malicious content.
c) Configure FortiGuard web filtering and block the categories malware, spyware, and phishing to prevent access to such sites.
d) Create a custom intrusion prevention system (IPS) policy to monitor and block all outbound traffic related to malware, spyware, and phishing sites.
04. You configured FortiGate Session Life Support Protocol (FGSP) cluster members to encrypt the session synchronization. When you perform a sniffer trace on the interface dedicated for synchronization, the sniffer trace shows UDP packets only.
What are two reasons why the sniffer trace captures only UDP packets?
(Choose two.)
a) The administration has not configured the SESSYNC_1 tunnel.
b) The psksecret value does not match.
c) encryption is not set to enable on both members.
d) The encryption is encapsulated in UDP packets.
05. In an enterprise firewall, one firewall policy is being used for intrusion prevention. Which configuration in the firewall policy must you check to confirm the optimum performance for intrusion prevention?
a) set cp-accel-mode enable
b) set inspection-mode proxy
c) set offload enable
d) set np-acceleration enable
06. You want to simplify a new hub-and-spoke network deployment with the BGP recommended configuration. Which two sections on FortiManager must you use?
(Choose two.)
a) Automation Stitch
b) Meta Fields
c) Metadata Variables
d) Provisioning Templates
07. How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
a) FortiManager can download and maintain local copies of FortiGuard databases.
b) FortiManager supports only FortiGuard push to managed devices.
c) FortiManager will respond to update requests only if they originate from a managed device.
d) FortiManager does not support rating requests.
08. In an enterprise firewall, one firewall policy is being used for intrusion prevention. Which configuration in the firewall policy must you check to confirm the optimum performance for intrusion prevention?
a) set cp-accel-mode enable
b) set inspection-mode proxy
c) set offload enable
d) set np-acceleration enable
09. You must ensure that users cannot access sites containing malware and spyware, while also protecting them from phishing attempts. What is the most resource-efficient method to block access to these sites?
a) Enable antivirus profiles to scan all web traffic and block downloads from these malicious sites.
b) Set up a DNS filter and block domains related to these categories to stop users from reaching malicious content.
c) Configure FortiGuard web filtering and block the categories malware, spyware, and phishing to prevent access to such sites.
d) Create a custom intrusion prevention system (IPS) policy to monitor and block all outbound traffic related to malware, spyware, and phishing sites.
10. You want to simplify a new hub-and-spoke network deployment with the BGP recommended configuration. Which two sections on FortiManager must you use?
(Choose two.)
a) Automation Stitch
b) Meta Fields
c) Metadata Variables
d) Provisioning Templates
Before you write the Fortinet Enterprise Firewall Administrator (FCSS_EFW_AD-7.6) certification exam, you may have certain doubts in your mind regarding the pattern of the test, the types of questions asked in it, the difficulty level of the questions and time required to complete the questions. These Fortinet Certified Solution Specialist - Network Security (Enterprise Firewall Administrator) sample questions and demo exam help you in removing these doubts and prepare you to take the test.